Vulnerability CVE-2017-7484: Information

Description

It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2017-7484

Published: May 12, 2017

Modified: Jan. 5, 2018

Error type identifier: CWE-200

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://www.postgresql.org/about/news/1746/	Vendor Advisory
98459	Third Party Advisory VDB Entry
1038476
GLSA-201710-06
DSA-3851
RHSA-2017:2425
RHSA-2017:1983
RHSA-2017:1838
RHSA-2017:1678
RHSA-2017:1677

Affected configurations:
1. Configuration 1
  cpe:2.3:a:postgresql:postgresql:9.3.8:*:*:*:*:*:*:*
  cpe:2.3:a:postgresql:postgresql:9.5.1:*:*:*:*:*:*:*
  cpe:2.3:a:postgresql:postgresql:9.3.15:*:*:*:*:*:*:*
  cpe:2.3:a:postgresql:postgresql:9.4.5:*:*:*:*:*:*:*
  cpe:2.3:a:postgresql:postgresql:9.3:*:*:*:*:*:*:*
  cpe:2.3:a:postgresql:postgresql:9.3.11:*:*:*:*:*:*:*
  cpe:2.3:a:postgresql:postgresql:9.3.5:*:*:*:*:*:*:*
  cpe:2.3:a:postgresql:postgresql:9.5.5:*:*:*:*:*:*:*
  cpe:2.3:a:postgresql:postgresql:9.3.2:*:*:*:*:*:*:*
  cpe:2.3:a:postgresql:postgresql:9.6.2:*:*:*:*:*:*:*
  cpe:2.3:a:postgresql:postgresql:9.4.2:*:*:*:*:*:*:*
  cpe:2.3:a:postgresql:postgresql:9.4.8:*:*:*:*:*:*:*
  cpe:2.3:a:postgresql:postgresql:9.3.7:*:*:*:*:*:*:*
  cpe:2.3:a:postgresql:postgresql:9.4.4:*:*:*:*:*:*:*
  cpe:2.3:a:postgresql:postgresql:9.3.6:*:*:*:*:*:*:*
  cpe:2.3:a:postgresql:postgresql:9.5.6:*:*:*:*:*:*:*
  cpe:2.3:a:postgresql:postgresql:9.4.3:*:*:*:*:*:*:*
  cpe:2.3:a:postgresql:postgresql:9.3.10:*:*:*:*:*:*:*
  cpe:2.3:a:postgresql:postgresql:9.5.3:*:*:*:*:*:*:*
  cpe:2.3:a:postgresql:postgresql:9.3.3:*:*:*:*:*:*:*
  cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
  End including
  9.2.20
  cpe:2.3:a:postgresql:postgresql:9.4.1:*:*:*:*:*:*:*
  cpe:2.3:a:postgresql:postgresql:9.3.13:*:*:*:*:*:*:*
  cpe:2.3:a:postgresql:postgresql:9.4.6:*:*:*:*:*:*:*
  cpe:2.3:a:postgresql:postgresql:9.4.10:*:*:*:*:*:*:*
  cpe:2.3:a:postgresql:postgresql:9.4:*:*:*:*:*:*:*
  cpe:2.3:a:postgresql:postgresql:9.3.14:*:*:*:*:*:*:*
  cpe:2.3:a:postgresql:postgresql:9.4.7:*:*:*:*:*:*:*
  cpe:2.3:a:postgresql:postgresql:9.5.2:*:*:*:*:*:*:*
  cpe:2.3:a:postgresql:postgresql:9.3.1:*:*:*:*:*:*:*
  cpe:2.3:a:postgresql:postgresql:9.3.9:*:*:*:*:*:*:*
  cpe:2.3:a:postgresql:postgresql:9.3.4:*:*:*:*:*:*:*
  cpe:2.3:a:postgresql:postgresql:9.3.12:*:*:*:*:*:*:*
  cpe:2.3:a:postgresql:postgresql:9.3.16:*:*:*:*:*:*:*
  cpe:2.3:a:postgresql:postgresql:9.4.11:*:*:*:*:*:*:*
  cpe:2.3:a:postgresql:postgresql:9.4.9:*:*:*:*:*:*:*
  cpe:2.3:a:postgresql:postgresql:9.5:*:*:*:*:*:*:*
  cpe:2.3:a:postgresql:postgresql:9.6.1:*:*:*:*:*:*:*
  cpe:2.3:a:postgresql:postgresql:9.6:*:*:*:*:*:*:*
  cpe:2.3:a:postgresql:postgresql:9.5.4:*:*:*:*:*:*:*

Version: v24.5.0

Vulnerability CVE-2017-7484: Information

Description

References to Advisories, Solutions, and Tools

Configuration 1