CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-7348

Critical Severity
Postgresql
SVRS
71/100
CVSSv3
7.5/10
EPSS
0.00161/1

CVE-2024-7348 is a critical Time-of-check Time-of-use (TOCTOU) race condition vulnerability affecting pg_dump in PostgreSQL. It allows a malicious object creator to execute arbitrary SQL functions with the privileges of the user running pg_dump, typically a superuser. While the CVSS score is 7.5, the SOCRadar Vulnerability Risk Score (SVRS) of 71 indicates a high risk that should be addressed promptly. An attacker can exploit this by replacing a relation with a view or foreign table while pg_dump is running. This vulnerability is significant because successful exploitation grants elevated privileges, potentially compromising the entire database. Patches are available for PostgreSQL versions 16.4, 15.8, 14.13, 13.16, and 12.20, so immediate updating is strongly advised to mitigate this threat. Due to the In The Wild tag it is highly recommended that you apply the relevant patches.

TAGS
In The Wild
VECTOR STRING
CVSS:3.1
AV:N
AC:H
PR:L
UI:N
S:U
C:H
I:H
A:H
PUBLICATION DATE2024-08-08
LAST MODIFIED2024-08-12
Eye Icon
SOCRadar
AI Insight

Description

CVE-2024-7348 is a Time-of-check Time-of-use (TOCTOU) race condition vulnerability in pg_dump in PostgreSQL. It allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction.

Key Insights

  • The vulnerability has a CVSS score of 8.8, indicating high severity.
  • The SVRS score of 36 indicates a moderate level of risk.
  • The vulnerability affects PostgreSQL versions before 16.4, 15.8, 14.13, 13.16, and 12.20.

Mitigation Strategies

  • Update to PostgreSQL version 16.4, 15.8, 14.13, 13.16, or 12.20 or later.
  • Restrict access to the pg_dump utility to only authorized users.
  • Monitor for suspicious activity and investigate any unauthorized access to the database.

Additional Information

  • The Cybersecurity and Infrastructure Security Agency (CISA) has warned of the vulnerability, calling for immediate and necessary measures.
  • Active exploits have been published.
  • If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

USN-6968-3: PostgreSQL vulnerability
2024-10-14
USN-6968-3: PostgreSQL vulnerability | USN-6968-1 fixed CVE-2024-7348 in PostgreSQL-12, PostgreSQL-14, and PostgreSQL-16. This update provides the corresponding updates for PostgreSQL-9.3 in Ubuntu 14.04 LTS and PostgreSQL-10 in Ubuntu 18.04 LTS. Original advisory details: Noah Misch discovered that PostgreSQL incorrectly handled certain SQL objects. An attacker could possibly use this issue to execute arbitrary SQL functions as the superuser.
ubuntu.com
rss
forum
news
Weekly Intelligence Report – 16 Aug 2024 - CYFIRMA
2024-08-16
Weekly Intelligence Report – 16 Aug 2024 - CYFIRMA | News Content: Published On : 2024-08-16 Ransomware of the Week CYFIRMA Research and Advisory Team would like to highlight ransomware trends and insights gathered while monitoring various forums. This includes multiple – industries, geography, and technology – which could be relevant to your organization. Type: Ransomware Target Technologies: MS Windows Introduction CYFIRMA Research and Advisory Team has found OceanSpy ransomware while monitoring various underground forums as part of our Threat Discovery Process. OceanSpy Researchers uncovered a new ransomware dubbed OceanSpy, a ransomware variant based on the Chaos, designed to encrypt files and append a
google.com
rss
cve-2024-7348
domains
Tageszusammenfassung - 09.08.2024
CERT.at2024-08-09
Tageszusammenfassung - 09.08.2024 | End-of-Day report Timeframe: Donnerstag 08-08-2024 18:00 - Freitag 09-08-2024 18:00 Handler: Robert Waldner Co-Handler: n/a News Malware force-installs Chrome extensions on 300,000 browsers, patches DLLs An ongoing and widespread malware campaign force-installed malicious Google Chrome and Microsoft Edge browser extensions in over 300,000 browsers, modifying the browsers executables to hijack homepages and steal browsing history.
cve-2024-38077
cve-2024-26308
cve-2024-37532
cve-2023-38018

Social Media

1️⃣ A high severity vulnerability was found in #PostgreSQL versions before 16.4. Attackers can exploit a race condition to execute SQL functions as a superuser. Upgrade to version 16.4 for enhanced security (Reference: CVE-2024-7348).
1
0
0
『(TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser.』 CVE-2024-7348 PostgreSQL relation replacement during pg_dump executes arbitrary SQL https://t.co/MjECWK8wg3 iocs: https://www.postgresql.org/support/security/CVE-2024-7348/
0
0
0
🚨🚨Security Flaw in PostgreSQL: CVE-2024-7348 Allows Arbitrary SQL Execution The vulnerability allows an attacker with the ability to create objects within the database to exploit the race condition, enabling the execution of arbitrary SQL functions as the user running pg_dump. https://t.co/odYALbSRKL
0
0
1
Security Flaw in PostgreSQL: CVE-2024-7348 Allows Arbitrary SQL Execution Learn about the critical #PostgreSQL security advisory (CVE-2024-7348, CVSS 8.8) and how it exposes users to the risk of arbitrary SQL execution. https://t.co/pOOIageYvI
0
0
0
🗣 Security Flaw in PostgreSQL: CVE-2024-7348 Allows Arbitrary SQL Execution https://t.co/pEFPbyBNZO #security #cybernews #cybersecurity #fridaysecurity #linkedin #twitter #telegram
0
0
0
CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL https://t.co/NHgZ672eKW
0
0
0
PostgreSQL - CVE-2024-7348 https://t.co/HwzLy3uJXP
0
0
0
🚨 Critical #security update for PostgreSQL-13! A flaw (CVE-2024-7348) in pg_dump could allow privilege escalation. Patch now to safeguard your system! Details at https://t.co/Z276b2xQVD 👾 #CyberSecurity #PostgreSQL
0
0
0
CVE-2024-7348 Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, whic… https://t.co/lbOQAgzDME
0
0
1

Affected Software

Configuration 1
TypeVendorProduct
AppPostgresqlpostgresql

References

ReferenceLink
F86EF6DC-4D3A-42AD-8F28-E6D5547A5007https://www.postgresql.org/support/security/CVE-2024-7348/

CWE Details

CWE IDCWE NameDescription
CWE-367Time-of-check Time-of-use (TOCTOU) Race ConditionThe software checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the software to perform invalid actions when the resource is in an unexpected state.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence