CVE-2020-14349: SQL Injection
First published: Tue Aug 04 2020(Updated: )
It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the user used for replication.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/rh-postgresql10-postgresql | <0:10.14-1.el7 | 0:10.14-1.el7 |
| redhat/rh-postgresql12-postgresql | <0:12.4-1.el7 | 0:12.4-1.el7 |
| redhat/rhvm-appliance | <0:4.4-20210310.0.el8e | 0:4.4-20210310.0.el8e |
| redhat/postgresql | <12.4 | 12.4 |
| redhat/postgresql | <11.9 | 11.9 |
| redhat/postgresql | <10.14 | 10.14 |
| ubuntu/postgresql-10 | <10.14-0ubuntu0.18.04.1 | 10.14-0ubuntu0.18.04.1 |
| ubuntu/postgresql-10 | <10.14 | 10.14 |
| ubuntu/postgresql-12 | <12.4-0ubuntu0.20.04.1 | 12.4-0ubuntu0.20.04.1 |
| ubuntu/postgresql-12 | <12.4-1 | 12.4-1 |
| ubuntu/postgresql-9.5 | <9.5.23 | 9.5.23 |
| debian/postgresql-11 | 11.16-0+deb10u1 11.22-0+deb10u1 | |
| PostgreSQL PostgreSQL | >=10.0<10.14 | |
| PostgreSQL PostgreSQL | >=11.0<11.9 | |
| PostgreSQL PostgreSQL | >=12.0<12.4 | |
| openSUSE Leap | =15.1 | |
| openSUSE Leap | =15.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=1865744
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00044.html
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00050.html
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00049.html
- https://security.gentoo.org/glsa/202008-13
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00003.html
- https://usn.ubuntu.com/4472-1/
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00008.html
- https://security.netapp.com/advisory/ntap-20200918-0002/
- https://launchpad.net/bugs/cve/CVE-2020-14349
- https://access.redhat.com/security/cve/CVE-2018-1058
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1868662
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1868663
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1868665
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1868667
- https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=11da97024abbe76b8c81e3f2375b2a62e9717c67
- https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cec57b1a0fbcd3833086ba686897c5883e0a2afc
- https://access.redhat.com/errata/RHSA-2020:3669
- https://access.redhat.com/security/cve/cve-2020-14349
- https://access.redhat.com/errata/RHSA-2020:5110
- https://access.redhat.com/errata/RHSA-2020:5112
- https://access.redhat.com/errata/RHSA-2020:5620
- https://access.redhat.com/errata/RHSA-2020:5664
- https://access.redhat.com/errata/RHSA-2021:0163
- https://access.redhat.com/errata/RHSA-2021:0166
- https://access.redhat.com/errata/RHSA-2021:0988
- https://www.cve.org/CVERecord?id=CVE-2020-14349 https://nvd.nist.gov/vuln/detail/CVE-2020-14349
- https://www.postgresql.org/about/news/2060/
- https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=11da97024abbe76b8c81e3f2375b2a62e9717c67
- https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=cec57b1a0fbcd3833086ba686897c5883e0a2afc
- https://security-tracker.debian.org/tracker/CVE-2020-14349
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14349
- https://ubuntu.com/security/notices/USN-4472-1
- https://nvd.nist.gov/vuln/detail/CVE-2020-14349
- https://ubuntu.com/security/CVE-2020-14349
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is CVE-2020-14349?
CVE-2020-14349 is a vulnerability that affects PostgreSQL versions before 12.4, before 11.9, and before 10.14. It allows an authenticated attacker to execute arbitrary SQL commands in the user's context for replication.
How does CVE-2020-14349 impact PostgreSQL?
CVE-2020-14349 impacts PostgreSQL by not properly sanitizing the search_path during logical replication, which allows an attacker to execute arbitrary SQL commands in the user's context for replication.
What is the severity of CVE-2020-14349?
CVE-2020-14349 has a severity value of 7 (high).
Which versions of PostgreSQL are affected by CVE-2020-14349?
CVE-2020-14349 affects versions before 12.4, before 11.9, and before 10.14 of PostgreSQL.
How can I fix the CVE-2020-14349 vulnerability?
To fix the CVE-2020-14349 vulnerability, you should update PostgreSQL to version 12.4, version 11.9, or version 10.14.
- collector/redhat-cve
- collector/launchpad-cve
- source/Launchpad
- agent/first-publish-date
- agent/remedy
- agent/type
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/severity
- agent/weakness
- agent/references
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-14349
- agent/software-canonical-lookup
- collector/usn-cve
- source/Ubuntu
- collector/security-tracker-debian
- source/Debian
- agent/tags
- agent/event
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- package-manager/redhat
- package-manager/ubuntu
- package-manager/debian
- vendor/postgresql
- canonical/postgresql postgresql
- version/postgresql postgresql/10.0
- version/postgresql postgresql/11.0
- version/postgresql postgresql/12.0
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/15.1
- version/opensuse leap/15.2