CVE-2017-7484

Published: 5/12/2017 Last updated: 8/5/2024 Reserved: 4/5/2017

It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Opam packages affected (5)

conf-mingw-w64-postgresql-i686 conf-mingw-w64-postgresql-x86_64 conf-postgresql ocsigen-start postgresql

Products affected (1)

Product	Vendor	Version
PostgreSQL	The PostgreSQL Global Development Group	6.0.5

References (20)

http://www.securitytracker.com/id/1038476
http://www.debian.org/security/2017/dsa-3851
https://access.redhat.com/errata/RHSA-2017:2425
https://access.redhat.com/errata/RHSA-2017:1678
https://access.redhat.com/errata/RHSA-2017:1677
https://access.redhat.com/errata/RHSA-2017:1983
https://www.postgresql.org/about/news/1746/
https://access.redhat.com/errata/RHSA-2017:1838
http://www.securityfocus.com/bid/98459
https://security.gentoo.org/glsa/201710-06
http://www.securitytracker.com/id/1038476
http://www.debian.org/security/2017/dsa-3851
https://access.redhat.com/errata/RHSA-2017:2425
https://access.redhat.com/errata/RHSA-2017:1678
https://access.redhat.com/errata/RHSA-2017:1677
https://access.redhat.com/errata/RHSA-2017:1983
https://www.postgresql.org/about/news/1746/
https://access.redhat.com/errata/RHSA-2017:1838
http://www.securityfocus.com/bid/98459
https://security.gentoo.org/glsa/201710-06