VDB
GCVE-110-MAGEIA-2024-301
GCVE-110-MAGEIA-2024-301
Advisory Published
Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in
PostgreSQL allows an object creator to execute arbitrary SQL functions
as the user running pg_dump, which is often a superuser. The attack
involves replacing another relation type with a view or foreign table.
The attack requires waiting for pg_dump to start, but winning the race
condition is trivial if the attacker retains an open transaction.
(CVE-2024-7348)
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | postgresql13 | 0 (affected), 13.16-1.mga9 (unaffected) | — |
| Mageia | postgresql15 | 15.8-1.mga9 (unaffected), 0 (affected) | — |
References
Browse GCVE Records
73,161 records in the GCVE database · Updated July 16, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.