Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a user-controlled column as a "refint" cascade primary key and facilitates user-controlled updates to that column. In that case, a SQL injection allows a primary key update value provider to execute arbitrary SQL as the database user performing the primary key update. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.
12.0-112.1-112.1-2build112.10-0ubuntu0.20.04.112.11-0ubuntu0.20.04.112.12-0ubuntu0.20.04.112.13-0ubuntu0.20.04.112.14-0ubuntu0.20.04.112.15-0ubuntu0.20.04.112.16-0ubuntu0.20.04.1+16 more14.23-0ubuntu0.22.04.116.14-0ubuntu0.24.04.117.10-0ubuntu0.25.10.118.4-0ubuntu0.26.04.19.3.1-19.3.10-0ubuntu0.14.049.3.11-0ubuntu0.14.049.3.12-0ubuntu0.14.049.3.13-0ubuntu0.14.049.3.14-0ubuntu0.14.049.3.15-0ubuntu0.14.049.3.16-0ubuntu0.14.049.3.17-0ubuntu0.14.049.3.18-0ubuntu0.14.04.1+19 more9.5.0-19.5.0-29.5.0-39.5.1-19.5.10-0ubuntu0.16.049.5.11-0ubuntu0.16.049.5.12-0ubuntu0.16.049.5.13-0ubuntu0.16.049.5.14-0ubuntu0.16.049.5.16-0ubuntu0.16.04.1+24 more10.1-110.1-210.10-0ubuntu0.18.04.110.12-0ubuntu0.18.04.110.14-0ubuntu0.18.04.110.15-0ubuntu0.18.04.110.16-0ubuntu0.18.04.110.17-0ubuntu0.18.04.110.18-0ubuntu0.18.04.110.19-0ubuntu0.18.04.1+16 moreExploitability
AV:NAC:LPR:LUI:NScope
S:UImpact
C:HI:HA:HCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H