Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks can achieve SQL injection as a superuser of the restore target server. pg_dumpall, pg_restore, and pg_upgrade are also affected. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected. Versions before 11.20 are unaffected. CVE-2012-0868 had fixed this class of problem, but version 11.20 reintroduced it.
The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.
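As an added defensive check (example code written for this page, not part of the advisory or of PostgreSQL itself), a restore operator can scan a plain-format dump for psql meta-commands before feeding it to psql, since a dump produced by an unpatched pg_dump is not expected to contain any. The function `find_meta_commands`, the `DOLLAR_TAG` pattern and `SAMPLE_DUMP` are constructed here, and the scanner assumes the `standard_conforming_strings = on` setting that pg_dump writes at the top of its output.

```python
import re
from typing import List, Tuple
DOLLAR_TAG = re.compile(r"\$([A-Za-z_][A-Za-z0-9_]*)?\$")  # $$ or $tag$ opener

def find_meta_commands(dump: str) -> List[Tuple[int, str]]:
    """Return (line_number, text) for each psql meta-command in a plain dump.

    As in psql's lexer, a backslash starts a meta-command only outside '...'
    literals, "..." identifiers, $tag$...$tag$ bodies and -- comments (block
    comments are not handled). Assumes standard_conforming_strings = on, which
    pg_dump sets, so a backslash inside a literal is ordinary text.
    """
    found: List[Tuple[int, str]] = []
    i, n, line = 0, len(dump), 1
    while i < n:
        ch = dump[i]
        if ch == "\n":
            line, i = line + 1, i + 1
        elif dump.startswith("--", i):            # comment ends at the newline, so a
            j = dump.find("\n", i)                # newline in a "-- Name:" comment
            i = n if j < 0 else j                 # exposes whatever follows it
        elif ch in "'\"":                         # literal or quoted identifier
            j = dump.find(ch, i + 1)              # a doubled quote simply re-opens
            j = n if j < 0 else j + 1
            line, i = line + dump.count("\n", i, j), j
        elif ch == "$" and (m := DOLLAR_TAG.match(dump, i)):
            tag = m.group(0)                      # skip the dollar-quoted body
            j = dump.find(tag, i + len(tag))
            j = n if j < 0 else j + len(tag)
            line, i = line + dump.count("\n", i, j), j
        elif ch == "\\":                          # meta-command runs to end of line
            j = dump.find("\n", i)
            j = n if j < 0 else j
            found.append((line, dump[i:j].rstrip()))
            i = j
        else:
            i += 1
    return found

# Constructed dump excerpt, not real pg_dump output: a harmless table with an
# awkward name, a function body, then an object whose name carries a newline
# and a meta-command (\echo stands in for anything psql would execute).
SAMPLE_DUMP = """-- Name: notes; Type: TABLE; Schema: public
CREATE TABLE public."odd\\name" (body text DEFAULT 'it''s \\ here');
CREATE FUNCTION public.f() RETURNS text LANGUAGE sql AS $fn$
  SELECT '\\echo not a meta-command';
$fn$;
-- Name: victim
\\echo INJECTED; Type: TABLE; Schema: public
"""
```

Review every hit rather than filtering automatically: dumps written by the fixed releases listed above carry the `\restrict` and `\unrestrict` meta-commands that the fix introduced, and this scanner reports those too.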
Name | Vendor | Start Version | End Version |
---|---|---|---|
Red Hat Enterprise Linux 10 | RedHat | postgresql16-0:16.10-1.el10_0 | * |
Red Hat Enterprise Linux 8 | RedHat | postgresql:16-8100020250818110346.489197e6 | * |
Red Hat Enterprise Linux 8 | RedHat | postgresql:13-8100020250818110147.489197e6 | * |
Red Hat Enterprise Linux 8 | RedHat | postgresql:15-8100020250818110305.489197e6 | * |
Red Hat Enterprise Linux 8 | RedHat | postgresql:12-8100020250829093521.489197e6 | * |
Red Hat Enterprise Linux 8.2 Advanced Update Support | RedHat | postgresql:12-8020020250826135918.4cda2c84 | * |
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | RedHat | postgresql:12-8040020250820054803.522a0ee4 | * |
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | RedHat | postgresql:13-8040020250818170654.522a0ee4 | * |
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | RedHat | postgresql:12-8060020250820072728.ad008a3a | * |
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | RedHat | postgresql:13-8060020250825094024.ad008a3a | * |
Red Hat Enterprise Linux 8.6 Telecommunications Update Service | RedHat | postgresql:12-8060020250820072728.ad008a3a | * |
Red Hat Enterprise Linux 8.6 Telecommunications Update Service | RedHat | postgresql:13-8060020250825094024.ad008a3a | * |
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | RedHat | postgresql:12-8060020250820072728.ad008a3a | * |
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | RedHat | postgresql:13-8060020250825094024.ad008a3a | * |
Red Hat Enterprise Linux 8.8 Telecommunications Update Service | RedHat | postgresql:12-8080020250819150429.63b34585 | * |
Red Hat Enterprise Linux 8.8 Telecommunications Update Service | RedHat | postgresql:13-8080020250819150623.63b34585 | * |
Red Hat Enterprise Linux 8.8 Telecommunications Update Service | RedHat | postgresql:15-8080020250815150643.63b34585 | * |
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | RedHat | postgresql:12-8080020250819150429.63b34585 | * |
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | RedHat | postgresql:13-8080020250819150623.63b34585 | * |
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | RedHat | postgresql:15-8080020250815150643.63b34585 | * |
Red Hat Enterprise Linux 9 | RedHat | postgresql:16-9060020250817200213.rhel9 | * |
Red Hat Enterprise Linux 9 | RedHat | postgresql:15-9060020250817180313.rhel9 | * |
Red Hat Enterprise Linux 9 | RedHat | postgresql-0:13.22-1.el9_6 | * |
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | RedHat | postgresql-0:13.22-1.el9_0 | * |
Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | RedHat | postgresql-0:13.22-1.el9_2 | * |
Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | RedHat | postgresql:15-9020020250815141744.rhel9 | * |
Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | postgresql:15-9040020250818140154.rhel9 | * |
Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | postgresql:16-9040020250818135852.rhel9 | * |
Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | postgresql-0:13.22-1.el9_4 | * |