CVE-2024-10979

Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH).  That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user.  Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
PostgreSQLCNA
8.8 HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
VendorProductVersion
postgresqlpostgresql
12.0 ≤
𝑥
< 12.21
postgresqlpostgresql
13.0 ≤
𝑥
< 13.17
postgresqlpostgresql
14.0 ≤
𝑥
< 14.14
postgresqlpostgresql
15.0 ≤
𝑥
< 15.9
postgresqlpostgresql
16.0 ≤
𝑥
< 16.5
postgresqlpostgresql
17.0 ≤
𝑥
< 17.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
postgresql-13
bullseye
vulnerable
bullseye (security)
13.21-0+deb11u1
fixed
postgresql-15
bookworm
15.13-0+deb12u1
fixed
bookworm (security)
15.10-0+deb12u1
fixed
postgresql-17
sid
17.5-1
fixed
trixie
17.5-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
postgresql-10
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
bionic
needs-triage
postgresql-12
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
Fixed 12.22-0ubuntu0.20.04.1
released
postgresql-14
plucky
dne
oracular
dne
noble
dne
jammy
Fixed 14.15-0ubuntu0.22.04.1
released
focal
dne
postgresql-16
plucky
dne
oracular
Fixed 16.6-0ubuntu0.24.10.1
released
noble
Fixed 16.6-0ubuntu0.24.04.1
released
jammy
dne
focal
dne
postgresql-17
plucky
not-affected
oracular
dne
noble
dne
jammy
dne
focal
dne
postgresql-9.1
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
postgresql-9.3
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
trusty
deferred
postgresql-9.5
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
xenial
Fixed 9.5.25-0ubuntu0.16.04.1+esm10
released
Common Weakness Enumeration
References
https://www.postgresql.org/support/security/CVE-2024-10979/
https://github.com/fmora50591/postgresql-env-vuln/blob/main/README.md
https://security.netapp.com/advisory/ntap-20250110-0003/