CVE-2023-39418

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.
Configurations

Configuration 1 (hide)

cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*

History

16 Sep 2024, 16:15

Type Values Removed Values Added
References
  • {'url': 'https://security.netapp.com/advisory/ntap-20230915-0002/', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://www.debian.org/security/2023/dsa-5553', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}

16 Feb 2024, 13:57

Type Values Removed Values Added
References () https://access.redhat.com/errata/RHSA-2023:7884 - () https://access.redhat.com/errata/RHSA-2023:7884 - Third Party Advisory
References (MISC) https://security.netapp.com/advisory/ntap-20230915-0002/ - (MISC) https://security.netapp.com/advisory/ntap-20230915-0002/ - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2023:7885 - () https://access.redhat.com/errata/RHSA-2023:7885 - Third Party Advisory
References () https://www.debian.org/security/2023/dsa-5553 - () https://www.debian.org/security/2023/dsa-5553 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2023:7785 - () https://access.redhat.com/errata/RHSA-2023:7785 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2023:7883 - () https://access.redhat.com/errata/RHSA-2023:7883 - Third Party Advisory
CPE cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
First Time Debian
Debian debian Linux

20 Dec 2023, 15:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2023:7883 -
  • () https://access.redhat.com/errata/RHSA-2023:7885 -
  • () https://access.redhat.com/errata/RHSA-2023:7884 -

13 Dec 2023, 22:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2023:7785 -

14 Nov 2023, 14:15

Type Values Removed Values Added
References
  • () https://www.debian.org/security/2023/dsa-5553 -

15 Sep 2023, 14:15

Type Values Removed Values Added
References
  • (MISC) https://security.netapp.com/advisory/ntap-20230915-0002/ -

18 Aug 2023, 17:38

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.3
References (MISC) https://access.redhat.com/security/cve/CVE-2023-39418 - (MISC) https://access.redhat.com/security/cve/CVE-2023-39418 - Third Party Advisory
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2228112 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2228112 - Issue Tracking, Patch, Third Party Advisory
References (MISC) https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cb2ae5741f2458a474ed3c31458d242e678ff229 - (MISC) https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cb2ae5741f2458a474ed3c31458d242e678ff229 - Mailing List, Patch
References (MISC) https://www.postgresql.org/support/security/CVE-2023-39418/ - (MISC) https://www.postgresql.org/support/security/CVE-2023-39418/ - Vendor Advisory
CWE NVD-CWE-noinfo
First Time Postgresql
Redhat
Redhat enterprise Linux
Postgresql postgresql
CPE cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

11 Aug 2023, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-08-11 13:15

Updated : 2024-09-16 16:15


NVD link : CVE-2023-39418

Mitre link : CVE-2023-39418

CVE.ORG link : CVE-2023-39418


JSON object : View

Products Affected

debian

  • debian_linux

redhat

  • enterprise_linux

postgresql

  • postgresql