CVE-2017-7484

It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 72%
VendorProductVersion
postgresqlpostgresql
𝑥
≤ 9.2.20
postgresqlpostgresql
9.3
postgresqlpostgresql
9.3.1
postgresqlpostgresql
9.3.2
postgresqlpostgresql
9.3.3
postgresqlpostgresql
9.3.4
postgresqlpostgresql
9.3.5
postgresqlpostgresql
9.3.6
postgresqlpostgresql
9.3.7
postgresqlpostgresql
9.3.8
postgresqlpostgresql
9.3.9
postgresqlpostgresql
9.3.10
postgresqlpostgresql
9.3.11
postgresqlpostgresql
9.3.12
postgresqlpostgresql
9.3.13
postgresqlpostgresql
9.3.14
postgresqlpostgresql
9.3.15
postgresqlpostgresql
9.3.16
postgresqlpostgresql
9.4
postgresqlpostgresql
9.4.1
postgresqlpostgresql
9.4.2
postgresqlpostgresql
9.4.3
postgresqlpostgresql
9.4.4
postgresqlpostgresql
9.4.5
postgresqlpostgresql
9.4.6
postgresqlpostgresql
9.4.7
postgresqlpostgresql
9.4.8
postgresqlpostgresql
9.4.9
postgresqlpostgresql
9.4.10
postgresqlpostgresql
9.4.11
postgresqlpostgresql
9.5
postgresqlpostgresql
9.5.1
postgresqlpostgresql
9.5.2
postgresqlpostgresql
9.5.3
postgresqlpostgresql
9.5.4
postgresqlpostgresql
9.5.5
postgresqlpostgresql
9.5.6
postgresqlpostgresql
9.6
postgresqlpostgresql
9.6.1
postgresqlpostgresql
9.6.2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
postgresql-10
disco
dne
cosmic
not-affected
bionic
not-affected
artful
dne
zesty
dne
xenial
dne
trusty
dne
postgresql-9.1
disco
dne
cosmic
dne
bionic
dne
artful
dne
zesty
dne
yakkety
dne
xenial
dne
trusty
dne
postgresql-9.3
disco
dne
cosmic
dne
bionic
dne
artful
dne
zesty
dne
yakkety
dne
xenial
dne
trusty
Fixed 9.3.17-0ubuntu0.14.04
released
postgresql-9.5
disco
dne
cosmic
dne
bionic
dne
artful
dne
zesty
dne
yakkety
ignored
xenial
Fixed 9.5.7-0ubuntu0.16.04
released
trusty
dne
postgresql-9.6
disco
dne
cosmic
dne
bionic
dne
artful
not-affected
zesty
Fixed 9.6.3-0ubuntu0.17.04
released
yakkety
dne
xenial
dne
trusty
dne
Common Weakness Enumeration
References
http://www.debian.org/security/2017/dsa-3851
http://www.securityfocus.com/bid/98459
http://www.securitytracker.com/id/1038476
https://access.redhat.com/errata/RHSA-2017:1677
https://access.redhat.com/errata/RHSA-2017:1678
https://access.redhat.com/errata/RHSA-2017:1838
https://access.redhat.com/errata/RHSA-2017:1983
https://access.redhat.com/errata/RHSA-2017:2425
https://security.gentoo.org/glsa/201710-06
https://www.postgresql.org/about/news/1746/
http://www.debian.org/security/2017/dsa-3851
http://www.securityfocus.com/bid/98459
http://www.securitytracker.com/id/1038476
https://access.redhat.com/errata/RHSA-2017:1677
https://access.redhat.com/errata/RHSA-2017:1678
https://access.redhat.com/errata/RHSA-2017:1838
https://access.redhat.com/errata/RHSA-2017:1983
https://access.redhat.com/errata/RHSA-2017:2425
https://security.gentoo.org/glsa/201710-06
https://www.postgresql.org/about/news/1746/