CVE-2017-7548

Severity

40%

Complexity

80%

Confidentiality

48%

PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents of the object, resulting in a denial of service.

CVSS 3.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

CVSS 2.0 Base Score 4. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N).

Overview

Type

PostgreSQL

First reported 7 years ago

2017-08-16 18:29:00

Last updated 5 years ago

2019-10-03 00:03:00

Affected Software

PostgreSQL PostgreSQL 9.4

9.4

PostgreSQL 9.4.1

9.4.1

PostgreSQL 9.4.2

9.4.2

PostgreSQL 9.4.3

9.4.3

PostgreSQL 9.4.4

9.4.4

PostgreSQL PostgreSQL 9.4.5

9.4.5

PostgreSQL 9.4.6

9.4.6

PostgreSQL 9.4.7

9.4.7

PostgreSQL 9.4.8

9.4.8

PostgreSQL 9.4.9

9.4.9

PostgreSQL 9.4.10

9.4.10

PostgreSQL 9.4.11

9.4.11

PostgreSQL 9.4.12

9.4.12

PostgreSQL PostgreSQL 9.5

9.5

PostgreSQL 9.5.2

9.5.2

PostgreSQL 9.5.3

9.5.3

PostgreSQL 9.5.4

9.5.4

PostgreSQL 9.5.5

9.5.5

PostgreSQL 9.5.6

9.5.6

PostgreSQL 9.5.7

9.5.7

PostgreSQL 9.6

9.6

PostgreSQL 9.6.1

9.6.1

PostgreSQL 9.6.2

9.6.2

PostgreSQL 9.6.3

9.6.3

References

DSA-3935

DSA-3936

100276

Third Party Advisory, VDB Entry

1039142