Lucene search
UbuntuUSN-5571-1HistoryAug 18, 2022 - 12:00 a.m.
PostgreSQL vulnerability
2022-08-1800:00:00
ubuntu.com
66
postgresql
ubuntu
security vulnerability
extensions
arbitrary code
8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
8.7 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
61.5%
Releases
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 ESM
Packages
- postgresql-10 - Object-relational SQL database
- postgresql-12 - Object-relational SQL database
- postgresql-14 - Object-relational SQL database
Details
Sven Klemm discovered that PostgreSQL incorrectly handled extensions. An
attacker could possibly use this issue to execute arbitrary code when
extensions are created or updated.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 22.04 | noarch | postgresql-14 | < 14.5-0ubuntu0.22.04.1 | UNKNOWN |
| Ubuntu | 22.04 | noarch | libecpg-compat3 | < 14.5-0ubuntu0.22.04.1 | UNKNOWN |
| Ubuntu | 22.04 | noarch | libecpg-compat3-dbgsym | < 14.5-0ubuntu0.22.04.1 | UNKNOWN |
| Ubuntu | 22.04 | noarch | libecpg-dev | < 14.5-0ubuntu0.22.04.1 | UNKNOWN |
| Ubuntu | 22.04 | noarch | libecpg-dev-dbgsym | < 14.5-0ubuntu0.22.04.1 | UNKNOWN |
| Ubuntu | 22.04 | noarch | libecpg6 | < 14.5-0ubuntu0.22.04.1 | UNKNOWN |
| Ubuntu | 22.04 | noarch | libecpg6-dbgsym | < 14.5-0ubuntu0.22.04.1 | UNKNOWN |
| Ubuntu | 22.04 | noarch | libpgtypes3 | < 14.5-0ubuntu0.22.04.1 | UNKNOWN |
| Ubuntu | 22.04 | noarch | libpgtypes3-dbgsym | < 14.5-0ubuntu0.22.04.1 | UNKNOWN |
| Ubuntu | 22.04 | noarch | libpq-dev | < 14.5-0ubuntu0.22.04.1 | UNKNOWN |
References
Related
alpinelinux
alpinelinux
CVE-2022-2625
2022-08-18 19:15:14
osv
osv
postgresql-11 - security update
2022-08-11 00:00:00
Moderate: postgresql:12 security update
2022-10-25 07:32:37
CVE-2022-2625
2022-08-18 19:15:14
altlinux
altlinux
Security fix for the ALT Linux 10 package postgresql15-1C version 14.5-alt1
2022-08-10 00:00:00
Security fix for the ALT Linux 10 package postgresql14 version 14.5-alt1
2022-08-18 00:00:00
Security fix for the ALT Linux 10 package postgresql12 version 12.12-alt1
2022-08-18 00:00:00
debiancve
debiancve
CVE-2022-2625
2022-08-18 19:15:14
suse
suse
Security update for postgresql10 (important)
2022-08-31 00:00:00
Security update for postgresql13 (important)
2022-09-01 00:00:00
Security update for postgresql14 (important)
2022-09-01 00:00:00
nessus
nessus
SUSE SLED15 / SLES15 Security Update : postgresql13 (SUSE-SU-2022:2987-1)
2022-09-02 00:00:00
AlmaLinux 8 : postgresql:12 (ALSA-2022:7128)
2022-10-25 00:00:00
AlmaLinux 8 : postgresql:10 (ALSA-2023:0113)
2023-01-16 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-2625 affecting package postgresql 12.8-1
2022-10-13 00:40:15
CVE-2022-2625 affecting package postgresql for versions less than 14.5-1
2022-10-05 23:33:47
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:2946-1)
2022-09-01 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:3269-1)
2022-09-15 00:00:00
Huawei EulerOS: Security Advisory for postgresql (EulerOS-SA-2022-2802)
2022-12-09 00:00:00
kaspersky
kaspersky
KLA15718 RCE vulnerability in PostgreSQL
2022-08-11 00:00:00
almalinux
almalinux
Moderate: postgresql:12 security update
2022-10-25 00:00:00
Moderate: postgresql:10 security update
2023-01-12 00:00:00
Moderate: postgresql security update
2023-04-11 00:00:00
ibm
ibm
prion
prion
Design/Logic Flaw
2022-08-18 19:15:00
cvelist
cvelist
CVE-2022-2625
2022-08-18 00:00:00
rocky
rocky
postgresql:10 security update
2023-01-12 08:25:41
postgresql:12 security update
2022-10-25 07:32:37
postgresql:13 security update
2023-04-06 15:52:43
ubuntucve
ubuntucve
CVE-2022-2625
2022-08-15 00:00:00
debian
debian
[SECURITY] [DLA 3072-1] postgresql-11 security update
2022-08-11 16:01:45
redos
redos
ROS-20221013-03
2022-10-13 00:00:00
redhatcve
redhatcve
CVE-2022-2625
2022-08-18 05:17:10
nvd
nvd
CVE-2022-2625
2022-08-18 19:15:14
redhat
redhat
(RHSA-2023:0160) Moderate: rh-postgresql10-postgresql security and bug fix update
2023-01-12 14:41:54
(RHSA-2022:7128) Moderate: postgresql:12 security update
2022-10-25 07:32:37
(RHSA-2023:0113) Moderate: postgresql:10 security update
2023-01-12 08:25:41
veracode
veracode
Authorization Bypass
2022-08-16 21:28:46
oraclelinux
oraclelinux
postgresql:12 security update
2022-10-27 00:00:00
postgresql:10 security update
2023-01-14 00:00:00
postgresql:13 security update
2023-04-05 00:00:00
broadcom
broadcom
PostgreSQL vulnerability in SANnav 2.2.0.2
2023-08-29 00:00:00
cve
cve
CVE-2022-2625
2022-08-18 19:15:14
cloudfoundry
cloudfoundry
USN-5571-1: PostgreSQL vulnerability | Cloud Foundry
2022-09-29 00:00:00
mageia
mageia
Updated postgresql packages fix security vulnerability
2022-08-29 08:07:41
photon
photon
Important Photon OS Security Update - PHSA-2022-3.0-0441
2022-08-23 00:00:00
Critical Photon OS Security Update - PHSA-2022-0238
2022-08-26 00:00:00
Important Photon OS Security Update - PHSA-2022-4.0-0238
2022-08-26 00:00:00
gentoo
gentoo
PostgreSQL: Multiple Vulnerabilities
2022-11-19 00:00:00
hp
hp
HP Device Manager Vulnerability Update (5.0.12)
2024-01-26 00:00:00
8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
8.7 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
61.5%
Related for USN-5571-1