Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive environment variables of the backend process (for example PATH). The trusted plperl language is usable by PUBLIC by default, so any role that can connect and create a function can reach this. Environment variables such as PATH decide what the server process, or a program it launches, ends up executing, so this often suffices for arbitrary code execution as the server's operating-system account even though the attacker holds no OS account on the database host. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.
Weakness class: one or more system settings or configuration elements can be externally controlled by a user (external control of a system or configuration setting).
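The following psql session is an added check for the issue described above; it is not part of the advisory or of PostgreSQL's own code. It assumes a superuser connection, the fixed minor releases listed above, and a hypothetical role name `some_role`; the function name `env_write_check` and the variable `PG_ENV_WRITE_CHECK` are chosen here so that nothing sensitive is touched. The expectation that a patched server refuses the write is an assumption based on the upstream fix, not something the advisory states.

```sql
-- Added check for the PL/Perl environment-variable issue. Not from the
-- advisory; written for psql, run as a superuser.

-- 1. Compare the running server against the first fixed minor of each
--    major listed in the advisory. server_version_num is major*10000 + minor,
--    so 17.1 = 170001 and 12.21 = 120021. Distribution packages that backport
--    the fix keep an older number, so check the package version for those.
WITH v AS (
    SELECT current_setting('server_version_num')::int AS num
),
fixed(major, minor) AS (
    VALUES (12, 21), (13, 17), (14, 14), (15, 9), (16, 5), (17, 1)
)
SELECT v.num / 10000 AS major,
       v.num % 10000 AS minor,
       CASE
           WHEN f.minor IS NULL           THEN 'major not covered by this advisory'
           WHEN v.num % 10000 >= f.minor  THEN 'fixed'
           ELSE 'VULNERABLE'
       END AS status
FROM v
LEFT JOIN fixed f ON f.major = v.num / 10000;

-- 2. Who can create PL/Perl functions? Trusted plperl grants USAGE to PUBLIC
--    by default (lanacl IS NULL), which is what makes the bug reachable by
--    any role that can connect. plperlu is untrusted and superuser-only.
SELECT lanname,
       lanpltrusted,
       COALESCE(lanacl::text, '(default: USAGE to PUBLIC)') AS acl
FROM pg_language
WHERE lanname IN ('plperl', 'plperlu');

-- 3. Until the server is upgraded, shrink the exposed population: take USAGE
--    away from PUBLIC and grant it back only to roles that need it.
--    (some_role is a hypothetical role name.)
-- REVOKE USAGE ON LANGUAGE plperl FROM PUBLIC;
-- GRANT  USAGE ON LANGUAGE plperl TO some_role;

-- 4. Behavioural check: set a harmless variable from trusted plperl and read
--    it back. A vulnerable server returns 'writable'. A patched server is
--    expected to refuse the write (ignored with a warning, or an error), so
--    the query returns NULL or fails. The temporary function disappears with
--    the session.
CREATE FUNCTION pg_temp.env_write_check() RETURNS text LANGUAGE plperl AS $$
    $ENV{PG_ENV_WRITE_CHECK} = 'writable';
    return $ENV{PG_ENV_WRITE_CHECK};
$$;

SELECT pg_temp.env_write_check() AS plperl_env_write;
```

Step 1 only reflects community version numbers; for the Red Hat and Ubuntu packages in the table below, compare the installed package against the listed build instead. Step 3 is a containment measure for the window before the upgrade, not a replacement for it, since the language remains usable by any role that keeps USAGE.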
Affected products. For the upstream rows the version columns are a half-open range (start including, end excluding); in the Red Hat rows the version field is the package build referenced in the vendor advisory, and in the Ubuntu rows it is the release series (or upstream) being tracked.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Postgresql | Postgresql | 12.0 (including) | 12.21 (excluding) |
Postgresql | Postgresql | 13.0 (including) | 13.17 (excluding) |
Postgresql | Postgresql | 14.0 (including) | 14.14 (excluding) |
Postgresql | Postgresql | 15.0 (including) | 15.9 (excluding) |
Postgresql | Postgresql | 16.0 (including) | 16.5 (excluding) |
Postgresql | Postgresql | 17.0 (including) | 17.1 (excluding) |
Red Hat Enterprise Linux 7 Extended Lifecycle Support | RedHat | postgresql-0:9.2.24-9.el7_9.2 | * |
Red Hat Enterprise Linux 8 | RedHat | postgresql:12-8100020241122084405.489197e6 | * |
Red Hat Enterprise Linux 8 | RedHat | postgresql:15-8100020241122084744.489197e6 | * |
Red Hat Enterprise Linux 8 | RedHat | postgresql:16-8100020241122085009.489197e6 | * |
Red Hat Enterprise Linux 8 | RedHat | postgresql:13-8100020241122084628.489197e6 | * |
Red Hat Enterprise Linux 8.2 Advanced Update Support | RedHat | postgresql:12-8020020241126122642.4cda2c84 | * |
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | RedHat | postgresql:12-8040020241129070850.522a0ee4 | * |
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | RedHat | postgresql:13-8040020241127111253.522a0ee4 | * |
Red Hat Enterprise Linux 8.4 Telecommunications Update Service | RedHat | postgresql:12-8040020241129070850.522a0ee4 | * |
Red Hat Enterprise Linux 8.4 Telecommunications Update Service | RedHat | postgresql:13-8040020241127111253.522a0ee4 | * |
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | RedHat | postgresql:12-8040020241129070850.522a0ee4 | * |
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | RedHat | postgresql:13-8040020241127111253.522a0ee4 | * |
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | RedHat | postgresql:13-8060020241128071428.ad008a3a | * |
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | RedHat | postgresql:12-8060020241128124027.ad008a3a | * |
Red Hat Enterprise Linux 8.6 Telecommunications Update Service | RedHat | postgresql:13-8060020241128071428.ad008a3a | * |
Red Hat Enterprise Linux 8.6 Telecommunications Update Service | RedHat | postgresql:12-8060020241128124027.ad008a3a | * |
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | RedHat | postgresql:13-8060020241128071428.ad008a3a | * |
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | RedHat | postgresql:12-8060020241128124027.ad008a3a | * |
Red Hat Enterprise Linux 8.8 Extended Update Support | RedHat | postgresql:12-8080020241128093923.63b34585 | * |
Red Hat Enterprise Linux 8.8 Extended Update Support | RedHat | postgresql:13-8080020241201154729.63b34585 | * |
Red Hat Enterprise Linux 8.8 Extended Update Support | RedHat | postgresql:15-8080020241201160004.63b34585 | * |
Red Hat Enterprise Linux 9 | RedHat | postgresql:15-9050020241122141928.rhel9 | * |
Red Hat Enterprise Linux 9 | RedHat | postgresql:16-9050020241122142517.rhel9 | * |
Red Hat Enterprise Linux 9 | RedHat | postgresql-0:13.18-1.el9_5 | * |
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | RedHat | postgresql-0:13.18-1.el9_0 | * |
Red Hat Enterprise Linux 9.2 Extended Update Support | RedHat | postgresql:15-9020020241122142614.rhel9 | * |
Red Hat Enterprise Linux 9.2 Extended Update Support | RedHat | postgresql-0:13.18-1.el9_2 | * |
Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | postgresql:16-9040020241125115314.rhel9 | * |
Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | postgresql-0:13.18-1.el9_4 | * |
Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | postgresql:15-9040020241121160342.rhel9 | * |
Postgresql-12 | Ubuntu | focal | * |
Postgresql-12 | Ubuntu | upstream | * |
Postgresql-14 | Ubuntu | jammy | * |
Postgresql-14 | Ubuntu | upstream | * |
Postgresql-16 | Ubuntu | noble | * |
Postgresql-16 | Ubuntu | oracular | * |
Postgresql-16 | Ubuntu | upstream | * |
Postgresql-17 | Ubuntu | upstream | * |
Postgresql-9.3 | Ubuntu | trusty/esm | * |