Debian Postgresql-15 vulnerabilities

CVE-2026-2005 [HIGH] CVE-2026-2005: postgresql-13 - Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to exec... Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected. Scope: local bullseye: resolved (fixed in 13.23-0+deb11u2)

CVE-2026-2004 [HIGH] CVE-2026-2004: postgresql-13 - Missing validation of type of input in PostgreSQL intarray extension selectivity... Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected. Scope: local bullseye: resolved (fixed in 13.23-0+deb11u2)

CVE-2026-2006 [HIGH] CVE-2026-2006: postgresql-13 - Missing validation of multibyte character length in PostgreSQL text manipulation... Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected. Scope: local bullseye: resolved (fix

CVE-2026-2003 [MEDIUM] CVE-2026-2003: postgresql-13 - Improper validation of type "oidvector" in PostgreSQL allows a database user to ... Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected. Scope: local bullseye: re

CVE-2026-2007 [HIGH] CVE-2026-2007: postgresql-13 - Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unk... Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation. PostgreSQL 18.1 and 18.0 are affected. Scope: local bullseye: resolved

CVE-2025-1094 [HIGH] CVE-2025-1094: postgresql-13 - Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescape... Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the function result to construct input to psql, the PostgreSQL

CVE-2025-8713 [HIGH] CVE-2025-8713: postgresql-13 - PostgreSQL optimizer statistics allow a user to read sampled data within a view ... PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. Prior to this

CVE-2025-8715 [MEDIUM] CVE-2025-8715: postgresql-13 - Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of th... Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks can achieve SQL injection as a superuser of the restore target

CVE-2025-8714 [MEDIUM] CVE-2025-8714: postgresql-13 - Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser o... Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to

CVE-2025-4207 [MEDIUM] CVE-2025-4207: postgresql-13 - Buffer over-read in PostgreSQL GB18030 encoding validation allows a database inp... Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected. Scope: local bullseye: resolved (fi

CVE-2025-12818 [MEDIUM] CVE-2025-12818: postgresql-13 - Integer wraparound in multiple PostgreSQL libpq client library functions allows ... Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 ar

CVE-2025-12817 [LOW] CVE-2025-12817: postgresql-13 - Missing authorization in PostgreSQL CREATE STATISTICS command allows a table own... Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.

CVE-2024-10979 [HIGH] CVE-2024-10979: postgresql-13 - Incorrect control of environment variables in PostgreSQL PL/Perl allows an unpri... Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are

CVE-2024-7348 [HIGH] CVE-2024-7348: postgresql-13 - Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allow... Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivia

CVE-2024-0985 [HIGH] CVE-2024-0985: postgresql-13 - Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allo... Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The victim is a superuser or member of one of the attacker's roles. Th

CVE-2024-10976 [HIGH] CVE-2024-10976: postgresql-13 - Incomplete tracking in PostgreSQL of tables with row security allows a reused qu... Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invoker view, or SQL-language function references a table with a row-l

CVE-2024-10978 [MEDIUM] CVE-2024-10978: postgresql-13 - Incorrect privilege assignment in PostgreSQL allows a less-privileged applicatio... Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results to the att

CVE-2024-4317 [LOW] CVE-2024-4317: postgresql-13 - Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext... Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the eavesdropper could not otherwise read or results of functions they cannot execute. Installing

CVE-2024-10977 [LOW] CVE-2024-10977: postgresql-13 - Client use of server error message in PostgreSQL allows a server not trusted und... Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results. This is probably not a concern for clie

CVE-2023-2454 [HIGH] CVE-2023-2454: postgresql-13 - schema_element defeats protective search_path changes; It was found that certain... schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code. Scope: local bullseye: resolved (fixed in 13.11-0+deb11u1)