CVE-2022-2625
- ULN >
- Oracle Linux CVE repository >
- CVE-2022-2625
CVE Details
| Release Date: | 2022-08-18 |
Description
A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the object targeted in CREATE OR REPLACE or CREATE IF NOT EXISTS. Given all three prerequisites, this flaw allows an attacker to run arbitrary code as the victim role, which may be a superuser.
See more information about CVE-2022-2625 from MITRE CVE dictionary and NIST NVD
CVSS v3.0 metrics
NOTE: The following CVSS v3.0 metrics and score provided are preliminary and subject to review.
| Base Score: | 8 | Base Metrics: | AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
| Access Vector: | Network | Attack Complexity: | Low |
| Privileges Required: | Low | User Interaction: | Required |
| Scope: | Unchanged | Confidentiality Impact: | High |
| Integrity Impact: | High | Availability Impact: | High |
Errata information
| Platform | Errata | Release Date |
| Oracle Linux version 8 (pg_repack) | ELSA-2022-7128 | 2022-10-27 |
| Oracle Linux version 8 (pg_repack) | ELSA-2023-1576 | 2023-04-05 |
| Oracle Linux version 8 (pgaudit) | ELSA-2022-7128 | 2022-10-27 |
| Oracle Linux version 8 (pgaudit) | ELSA-2023-1576 | 2023-04-05 |
| Oracle Linux version 8 (postgres-decoderbufs) | ELSA-2022-7128 | 2022-10-27 |
| Oracle Linux version 8 (postgres-decoderbufs) | ELSA-2023-1576 | 2023-04-05 |
| Oracle Linux version 8 (postgresql) | ELSA-2022-7128 | 2022-10-27 |
| Oracle Linux version 8 (postgresql) | ELSA-2023-0113 | 2023-01-14 |
| Oracle Linux version 8 (postgresql) | ELSA-2023-1576 | 2023-04-05 |
| Oracle Linux version 9 (postgresql) | ELSA-2023-1693 | 2023-04-11 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
