VDB

GCVE-110-MAGEIA-2017-428

GCVE-110-MAGEIA-2017-428
Advisory Published
Vulnetix · Advisory published November 29, 2017
The startup log file for the postmaster (in newer releases, "postgres") process was opened while the process was still owned by root. With this setup, the database owner could specify a file that they did not have access to and cause the file to be corrupted with logged data (CVE-2017-12172). Crash due to rowtype mismatch in json{b}_populate_recordset(). These functions used the result rowtype specified in the FROM ... AS clause without checking that it matched the actual rowtype of the supplied tuple value. If it didn't, that would usually result in a crash, though disclosure of server memory contents seems possible as well (CVE-2017-15098). The "INSERT ... ON CONFLICT DO UPDATE" would not check to see if the executing user had permission to perform a "SELECT" on the index performing the conflicting check. Additionally, in a table with row-level security enabled, the "INSERT ... ON CONFLICT DO UPDATE" would not check the SELECT policies for that table before performing the update (CVE-2017-15099).

Affected Products

VendorProductVersionsPlatforms
Mageiapostgresql9.40 (affected), 9.4.15-1.mga6 (unaffected)
Mageiapostgresql9.30 (affected), 9.3.20-1.mga5 (unaffected)
Mageiapostgresql9.60 (affected), 9.6.6-1.mga6 (unaffected)
Mageiapostgresql9.49.4.15-1.mga5 (unaffected), 0 (affected)

Browse GCVE Records

72,409 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›