Vulnerability identifier: #VU45749
Vulnerability risk: Medium
Exploitation vector: Network
Exploit availability: No
The vulnerability allows a remote user to escalate privileges within the database.
The vulnerability exists due to the way PostgreSQL handles CREATE EXTENSION statements. A remote user with permission to create objects in the new extension's schema or a schema of a prerequisite extension can execute arbitrary SQL functions under the identity of the superuser in certain cases.
Install updates from the vendor's website.
Vulnerable software versions
PostgreSQL: 12.0 - 12.3, 11.0 - 11.8, 10.0 - 10.13, 9.6.0 - 9.6.18, 9.5 - 9.5.22
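The following audit query is an added example, not part of the original advisory. It reports the server version for comparison with the ranges above and lists the non-superuser roles that hold the schema-level CREATE permission the description refers to. It assumes it is run by a superuser, once in each database.

```sql
-- Added example: exposure audit for the CREATE EXTENSION issue described above.
-- Assumption: executed by a superuser, once per database.

-- 1. Server version, to compare against the affected ranges on this page.
SELECT current_setting('server_version') AS server_version;

-- 2. Non-superuser roles that can create objects in a schema.
--    has_schema_privilege() also accounts for grants made to PUBLIC and
--    for privileges inherited through role membership.
--    extensions_in_schema shows which installed extensions already live
--    in that schema (empty when none do).
SELECT n.nspname AS schema_name,
       r.rolname AS role_name,
       COALESCE(string_agg(DISTINCT e.extname::text, ', '), '') AS extensions_in_schema
FROM pg_namespace AS n
CROSS JOIN pg_roles AS r
LEFT JOIN pg_extension AS e
       ON e.extnamespace = n.oid
WHERE NOT r.rolsuper
  AND n.nspname NOT LIKE 'pg\_%'            -- skip system schemas
  AND n.nspname <> 'information_schema'
  AND has_schema_privilege(r.oid, n.oid, 'CREATE')
GROUP BY n.nspname, r.rolname
ORDER BY n.nspname, r.rolname;
```

Each row is a role that could place objects in a schema a superuser might later use for CREATE EXTENSION. On an affected version, revoke CREATE where it is not needed until the update is installed.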
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?