CVE-2023-39417

A SQL injection vulnerability was found in PostgreSQL extension scripts that use @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.
SQL Injection
Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector
NIST | Primary | 7.5 HIGH | NETWORK | HIGH | LOW | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Percentile: 71%
Affected Products (NVD)
Vendor | Product | Version
postgresql | postgresql | 11.0 ≤ 𝑥 < 11.21
postgresql | postgresql | 12.0 ≤ 𝑥 < 12.16
postgresql | postgresql | 13.0 ≤ 𝑥 < 13.12
postgresql | postgresql | 14.0 ≤ 𝑥 < 14.9
postgresql | postgresql | 15.0 ≤ 𝑥 < 15.4
redhat | software_collections | -
redhat | enterprise_linux | 8.0
redhat | enterprise_linux | 9.0
debian | debian_linux | 8.0
debian | debian_linux | 11.0
debian | debian_linux | 12.0
𝑥 = Vulnerable software versions
Debian Releases
Debian Product
  Codename | Version | Status
postgresql-13
  bullseye | 13.16-0+deb11u1 | fixed
  bullseye (security) | 13.18-0+deb11u1 | fixed
postgresql-15
  bookworm | 15.8-0+deb12u1 | fixed
  bookworm (security) | 15.10-0+deb12u1 | fixed
Ubuntu Releases
Ubuntu Product
  Codename | Status
postgresql-10
  bionic | needs-triage
  focal | dne
  jammy | dne
  lunar | dne
  mantic | dne
  noble | dne
  oracular | dne
  trusty | dne
  xenial | dne
postgresql-12
  bionic | dne
  focal | Fixed 12.16-0ubuntu0.20.04.1, released
  jammy | dne
  lunar | dne
  mantic | dne
  noble | dne
  oracular | dne
  trusty | ignored
  xenial | dne
postgresql-14
  bionic | dne
  focal | dne
  jammy | Fixed 14.9-0ubuntu0.22.04.1, released
  lunar | dne
  mantic | dne
  noble | dne
  oracular | dne
  trusty | dne
  xenial | dne
postgresql-15
  bionic | ignored
  focal | dne
  jammy | dne
  lunar | Fixed 15.4-0ubuntu0.23.04.1, released
  mantic | Fixed 15.4-1ubuntu1, released
  noble | dne
  oracular | dne
  trusty | ignored
  xenial | ignored
postgresql-9.1
  bionic | dne
  focal | dne
  jammy | dne
  lunar | dne
  mantic | dne
  noble | dne
  oracular | dne
  trusty | ignored
  xenial | dne
postgresql-9.3
  bionic | dne
  focal | dne
  jammy | dne
  lunar | dne
  mantic | dne
  noble | dne
  oracular | dne
  trusty | ignored
  xenial | dne
postgresql-9.5
  bionic | dne
  focal | dne
  jammy | dne
  lunar | dne
  mantic | dne
  noble | dne
  oracular | dne
  trusty | dne
  xenial | Fixed 9.5.25-0ubuntu0.16.04.1+esm5, released
openSUSE / SLES Releases
openSUSE Product
  Release | Version | Status
libecpg6
  suse enterprise sap 15 SP4 | 15.4-150200.5.12.1 | fixed
  suse enterprise sap 15 SP5 | 15.4-150200.5.12.1 | fixed
  suse enterprise server 12 SP3 | 15.4-3.12.1 | fixed
  suse enterprise server 15 SP1 | 12.16-150100.3.44.1 | fixed
  suse enterprise server 15 SP4 | 15.4-150200.5.12.1 | fixed
  suse enterprise server 15 SP5 | 15.4-150200.5.12.1 | fixed
libecpg6-32bit
  suse enterprise server 12 SP3 | 15.4-3.12.1 | fixed
libpq5
  suse enterprise desktop 15 SP4 | 15.4-150200.5.12.1 | fixed
  suse enterprise desktop 15 SP5 | 15.4-150200.5.12.1 | fixed
  suse enterprise sap 15 SP4 | 15.4-150200.5.12.1 | fixed
  suse enterprise sap 15 SP5 | 15.4-150200.5.12.1 | fixed
  suse enterprise server 12 SP3 | 15.4-3.12.1 | fixed
  suse enterprise server 15 SP1 | 12.16-150100.3.44.1 | fixed
  suse enterprise server 15 SP4 | 15.4-150200.5.12.1 | fixed
  suse enterprise server 15 SP5 | 15.4-150200.5.12.1 | fixed
libpq5-32bit
  suse enterprise server 12 SP3 | 15.4-3.12.1 | fixed
  suse enterprise server 15 SP1 | 12.16-150100.3.44.1 | fixed
postgresql12
  suse enterprise server 12 SP3 | 12.16-3.42.1 | fixed
  suse enterprise server 15 SP1 | 12.16-150100.3.44.1 | fixed
postgresql12-contrib
  suse enterprise server 12 SP3 | 12.16-3.42.1 | fixed
  suse enterprise server 15 SP1 | 12.16-150100.3.44.1 | fixed
postgresql12-devel
  suse enterprise server 12 SP3 | 12.16-3.42.1 | fixed
  suse enterprise server 15 SP1 | 12.16-150100.3.44.1 | fixed
postgresql12-docs
  suse enterprise server 12 SP3 | 12.16-3.42.1 | fixed
  suse enterprise server 15 SP1 | 12.16-150100.3.44.1 | fixed
postgresql12-llvmjit-devel
  suse enterprise server 12 SP3 | 12.16-3.42.1 | fixed
postgresql12-plperl
  suse enterprise server 12 SP3 | 12.16-3.42.1 | fixed
  suse enterprise server 15 SP1 | 12.16-150100.3.44.1 | fixed
postgresql12-plpython
  suse enterprise server 12 SP3 | 12.16-3.42.1 | fixed
  suse enterprise server 15 SP1 | 12.16-150100.3.44.1 | fixed
postgresql12-pltcl
  suse enterprise server 12 SP3 | 12.16-3.42.1 | fixed
  suse enterprise server 15 SP1 | 12.16-150100.3.44.1 | fixed
postgresql12-server
  suse enterprise server 12 SP3 | 12.16-3.42.1 | fixed
  suse enterprise server 15 SP1 | 12.16-150100.3.44.1 | fixed
postgresql12-server-devel
  suse enterprise server 12 SP3 | 12.16-3.42.1 | fixed
  suse enterprise server 15 SP1 | 12.16-150100.3.44.1 | fixed
postgresql13
  suse enterprise sap 15 SP4 | 13.12-150200.5.43.1 | fixed
  suse enterprise server 12 SP3 | 13.12-3.36.1 | fixed
  suse enterprise server 15 SP4 | 13.12-150200.5.43.1 | fixed
postgresql13-contrib
  suse enterprise sap 15 SP4 | 13.12-150200.5.43.1 | fixed
  suse enterprise server 12 SP3 | 13.12-3.36.1 | fixed
  suse enterprise server 15 SP4 | 13.12-150200.5.43.1 | fixed
postgresql13-devel
  suse enterprise sap 15 SP4 | 13.12-150200.5.43.1 | fixed
  suse enterprise server 15 SP4 | 13.12-150200.5.43.1 | fixed
postgresql13-docs
  suse enterprise sap 15 SP4 | 13.12-150200.5.43.1 | fixed
  suse enterprise server 12 SP3 | 13.12-3.36.1 | fixed
  suse enterprise server 15 SP4 | 13.12-150200.5.43.1 | fixed
postgresql13-llvmjit
  suse enterprise sap 15 SP4 | 13.12-150200.5.43.1 | fixed
  suse enterprise server 15 SP4 | 13.12-150200.5.43.1 | fixed
postgresql13-llvmjit-devel
  suse enterprise sap 15 SP4 | 13.12-150200.5.43.1 | fixed
  suse enterprise server 15 SP4 | 13.12-150200.5.43.1 | fixed
postgresql13-plperl
  suse enterprise sap 15 SP4 | 13.12-150200.5.43.1 | fixed
  suse enterprise server 12 SP3 | 13.12-3.36.1 | fixed
  suse enterprise server 15 SP4 | 13.12-150200.5.43.1 | fixed
postgresql13-plpython
  suse enterprise sap 15 SP4 | 13.12-150200.5.43.1 | fixed
  suse enterprise server 12 SP3 | 13.12-3.36.1 | fixed
  suse enterprise server 15 SP4 | 13.12-150200.5.43.1 | fixed
postgresql13-pltcl
  suse enterprise sap 15 SP4 | 13.12-150200.5.43.1 | fixed
  suse enterprise server 12 SP3 | 13.12-3.36.1 | fixed
  suse enterprise server 15 SP4 | 13.12-150200.5.43.1 | fixed
postgresql13-server
  suse enterprise sap 15 SP4 | 13.12-150200.5.43.1 | fixed
  suse enterprise server 12 SP3 | 13.12-3.36.1 | fixed
  suse enterprise server 15 SP4 | 13.12-150200.5.43.1 | fixed
postgresql13-server-devel
  suse enterprise sap 15 SP4 | 13.12-150200.5.43.1 | fixed
  suse enterprise server 15 SP4 | 13.12-150200.5.43.1 | fixed
postgresql14
  suse enterprise desktop 15 SP4 | 14.9-150200.5.29.1 | fixed
  suse enterprise sap 15 SP4 | 14.9-150200.5.29.1 | fixed
  suse enterprise sap 15 SP5 | 14.9-150200.5.29.1 | fixed
  suse enterprise server 12 SP3 | 14.9-3.26.1 | fixed
  suse enterprise server 15 SP4 | 14.9-150200.5.29.1 | fixed
  suse enterprise server 15 SP5 | 14.9-150200.5.29.1 | fixed
postgresql14-contrib
  suse enterprise sap 15 SP4 | 14.9-150200.5.29.1 | fixed
  suse enterprise sap 15 SP5 | 14.9-150200.5.29.1 | fixed
  suse enterprise server 12 SP3 | 14.9-3.26.1 | fixed
  suse enterprise server 15 SP4 | 14.9-150200.5.29.1 | fixed
  suse enterprise server 15 SP5 | 14.9-150200.5.29.1 | fixed
postgresql14-devel
  suse enterprise sap 15 SP4 | 14.9-150200.5.29.1 | fixed
  suse enterprise sap 15 SP5 | 14.9-150200.5.29.1 | fixed
  suse enterprise server 12 SP3 | 14.9-3.26.1 | fixed
  suse enterprise server 15 SP4 | 14.9-150200.5.29.1 | fixed
  suse enterprise server 15 SP5 | 14.9-150200.5.29.1 | fixed
postgresql14-docs
  suse enterprise sap 15 SP4 | 14.9-150200.5.29.1 | fixed
  suse enterprise sap 15 SP5 | 14.9-150200.5.29.1 | fixed
  suse enterprise server 12 SP3 | 14.9-3.26.1 | fixed
  suse enterprise server 15 SP4 | 14.9-150200.5.29.1 | fixed
  suse enterprise server 15 SP5 | 14.9-150200.5.29.1 | fixed
postgresql14-llvmjit
  suse enterprise sap 15 SP5 | 14.9-150200.5.29.1 | fixed
  suse enterprise server 15 SP5 | 14.9-150200.5.29.1 | fixed
postgresql14-llvmjit-devel
  suse enterprise sap 15 SP5 | 14.9-150200.5.29.1 | fixed
  suse enterprise server 12 SP3 | 14.9-3.26.1 | fixed
  suse enterprise server 15 SP5 | 14.9-150200.5.29.1 | fixed
postgresql14-plperl
  suse enterprise sap 15 SP4 | 14.9-150200.5.29.1 | fixed
  suse enterprise sap 15 SP5 | 14.9-150200.5.29.1 | fixed
  suse enterprise server 12 SP3 | 14.9-3.26.1 | fixed
  suse enterprise server 15 SP4 | 14.9-150200.5.29.1 | fixed
  suse enterprise server 15 SP5 | 14.9-150200.5.29.1 | fixed
postgresql14-plpython
  suse enterprise sap 15 SP4 | 14.9-150200.5.29.1 | fixed
  suse enterprise sap 15 SP5 | 14.9-150200.5.29.1 | fixed
  suse enterprise server 12 SP3 | 14.9-3.26.1 | fixed
  suse enterprise server 15 SP4 | 14.9-150200.5.29.1 | fixed
  suse enterprise server 15 SP5 | 14.9-150200.5.29.1 | fixed
postgresql14-pltcl
  suse enterprise sap 15 SP4 | 14.9-150200.5.29.1 | fixed
  suse enterprise sap 15 SP5 | 14.9-150200.5.29.1 | fixed
  suse enterprise server 12 SP3 | 14.9-3.26.1 | fixed
  suse enterprise server 15 SP4 | 14.9-150200.5.29.1 | fixed
  suse enterprise server 15 SP5 | 14.9-150200.5.29.1 | fixed
postgresql14-server
  suse enterprise sap 15 SP4 | 14.9-150200.5.29.1 | fixed
  suse enterprise sap 15 SP5 | 14.9-150200.5.29.1 | fixed
  suse enterprise server 12 SP3 | 14.9-3.26.1 | fixed
  suse enterprise server 15 SP4 | 14.9-150200.5.29.1 | fixed
  suse enterprise server 15 SP5 | 14.9-150200.5.29.1 | fixed
postgresql14-server-devel
  suse enterprise sap 15 SP4 | 14.9-150200.5.29.1 | fixed
  suse enterprise sap 15 SP5 | 14.9-150200.5.29.1 | fixed
  suse enterprise server 12 SP3 | 14.9-3.26.1 | fixed
  suse enterprise server 15 SP4 | 14.9-150200.5.29.1 | fixed
  suse enterprise server 15 SP5 | 14.9-150200.5.29.1 | fixed
postgresql15
  suse enterprise desktop 15 SP4 | 15.4-150200.5.12.1 | fixed
  suse enterprise desktop 15 SP5 | 15.4-150200.5.12.1 | fixed
  suse enterprise sap 15 SP4 | 15.4-150200.5.12.1 | fixed
  suse enterprise sap 15 SP5 | 15.4-150200.5.12.1 | fixed
  suse enterprise sap 15 SP6 | 15.6-150600.14.4 | fixed
  suse enterprise sap 15 SP7 | 15.12-150600.16.14.1 | fixed
  suse enterprise server 12 SP3 | 15.4-3.12.1 | fixed
  suse enterprise server 15 SP4 | 15.4-150200.5.12.1 | fixed
  suse enterprise server 15 SP5 | 15.4-150200.5.12.1 | fixed
  suse enterprise server 15 SP6 | 15.6-150600.14.4 | fixed
  suse enterprise server 15 SP7 | 15.12-150600.16.14.1 | fixed
postgresql15-contrib
  suse enterprise sap 15 SP4 | 15.4-150200.5.12.1 | fixed
  suse enterprise sap 15 SP5 | 15.4-150200.5.12.1 | fixed
  suse enterprise sap 15 SP6 | 15.6-150600.14.4 | fixed
  suse enterprise sap 15 SP7 | 15.12-150600.16.14.1 | fixed
  suse enterprise server 12 SP3 | 15.4-3.12.1 | fixed
  suse enterprise server 15 SP4 | 15.4-150200.5.12.1 | fixed
  suse enterprise server 15 SP5 | 15.4-150200.5.12.1 | fixed
  suse enterprise server 15 SP6 | 15.6-150600.14.4 | fixed
  suse enterprise server 15 SP7 | 15.12-150600.16.14.1 | fixed
postgresql15-devel
  suse enterprise sap 15 SP4 | 15.4-150200.5.12.1 | fixed
  suse enterprise sap 15 SP5 | 15.4-150200.5.12.1 | fixed
  suse enterprise sap 15 SP7 | 15.12-150600.16.14.1 | fixed
  suse enterprise server 12 SP3 | 15.4-3.12.1 | fixed
  suse enterprise server 15 SP4 | 15.4-150200.5.12.1 | fixed
  suse enterprise server 15 SP5 | 15.4-150200.5.12.1 | fixed
  suse enterprise server 15 SP7 | 15.12-150600.16.14.1 | fixed
postgresql15-docs
  suse enterprise sap 15 SP4 | 15.4-150200.5.12.1 | fixed
  suse enterprise sap 15 SP5 | 15.4-150200.5.12.1 | fixed
  suse enterprise server 12 SP3 | 15.4-3.12.1 | fixed
  suse enterprise server 15 SP4 | 15.4-150200.5.12.1 | fixed
  suse enterprise server 15 SP5 | 15.4-150200.5.12.1 | fixed
postgresql15-plperl
  suse enterprise sap 15 SP4 | 15.4-150200.5.12.1 | fixed
  suse enterprise sap 15 SP5 | 15.4-150200.5.12.1 | fixed
  suse enterprise server 12 SP3 | 15.4-3.12.1 | fixed
  suse enterprise server 15 SP4 | 15.4-150200.5.12.1 | fixed
  suse enterprise server 15 SP5 | 15.4-150200.5.12.1 | fixed
postgresql15-plpython
  suse enterprise sap 15 SP4 | 15.4-150200.5.12.1 | fixed
  suse enterprise sap 15 SP5 | 15.4-150200.5.12.1 | fixed
  suse enterprise server 12 SP3 | 15.4-3.12.1 | fixed
  suse enterprise server 15 SP4 | 15.4-150200.5.12.1 | fixed
  suse enterprise server 15 SP5 | 15.4-150200.5.12.1 | fixed
postgresql15-pltcl
  suse enterprise sap 15 SP4 | 15.4-150200.5.12.1 | fixed
  suse enterprise sap 15 SP5 | 15.4-150200.5.12.1 | fixed
  suse enterprise server 12 SP3 | 15.4-3.12.1 | fixed
  suse enterprise server 15 SP4 | 15.4-150200.5.12.1 | fixed
  suse enterprise server 15 SP5 | 15.4-150200.5.12.1 | fixed
postgresql15-server
  suse enterprise sap 15 SP4 | 15.4-150200.5.12.1 | fixed
  suse enterprise sap 15 SP5 | 15.4-150200.5.12.1 | fixed
  suse enterprise sap 15 SP6 | 15.6-150600.14.4 | fixed
  suse enterprise sap 15 SP7 | 15.12-150600.16.14.1 | fixed
  suse enterprise server 12 SP3 | 15.4-3.12.1 | fixed
  suse enterprise server 15 SP4 | 15.4-150200.5.12.1 | fixed
  suse enterprise server 15 SP5 | 15.4-150200.5.12.1 | fixed
  suse enterprise server 15 SP6 | 15.6-150600.14.4 | fixed
  suse enterprise server 15 SP7 | 15.12-150600.16.14.1 | fixed
postgresql15-server-devel
  suse enterprise sap 15 SP4 | 15.4-150200.5.12.1 | fixed
  suse enterprise sap 15 SP5 | 15.4-150200.5.12.1 | fixed
  suse enterprise server 12 SP3 | 15.4-3.12.1 | fixed
  suse enterprise server 15 SP4 | 15.4-150200.5.12.1 | fixed
  suse enterprise server 15 SP5 | 15.4-150200.5.12.1 | fixed
Red Hat Enterprise Linux Releases
Red Hat Product
  Release | Version | Status
postgresql
  RHEL 9 | 0:13.13-1.el9_3 | fixed
postgresql-contrib
  RHEL 9 | 0:13.13-1.el9_3 | fixed
postgresql-docs
  RHEL 9 | 0:13.13-1.el9_3 | fixed
postgresql-plperl
  RHEL 9 | 0:13.13-1.el9_3 | fixed
postgresql-plpython3
  RHEL 9 | 0:13.13-1.el9_3 | fixed
postgresql-pltcl
  RHEL 9 | 0:13.13-1.el9_3 | fixed
postgresql-private-devel
  RHEL 9 | 0:13.13-1.el9_3 | fixed
postgresql-private-libs
  RHEL 9 | 0:13.13-1.el9_3 | fixed
postgresql-server
  RHEL 9 | 0:13.13-1.el9_3 | fixed
postgresql-server-devel
  RHEL 9 | 0:13.13-1.el9_3 | fixed
postgresql-static
  RHEL 9 | 0:13.13-1.el9_3 | fixed
postgresql-test
  RHEL 9 | 0:13.13-1.el9_3 | fixed
postgresql-upgrade
  RHEL 9 | 0:13.13-1.el9_3 | fixed
postgresql-upgrade-devel
  RHEL 9 | 0:13.13-1.el9_3 | fixed