purl | pkg:generic/postgresql@16.4.0 |
Vulnerability | Summary | Fixed by |
---|---|---|
This package is not known to be affected by vulnerabilities. |
Vulnerability | Summary | Aliases |
---|---|---|
VCID-1yyd-u1nn-aaaj | Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected. | CVE-2024-7348 |
Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
---|---|---|---|---|---|
2025-06-25T18:29:46.199289+00:00 | PostgreSQL Importer | Fixing | VCID-1yyd-u1nn-aaaj | https://www.postgresql.org/support/security/CVE-2024-7348 | 36.1.3 |
2025-06-04T05:59:06.539717+00:00 | PostgreSQL Importer | Fixing | VCID-1yyd-u1nn-aaaj | https://www.postgresql.org/support/security/CVE-2024-7348 | 36.1.0 |
2025-06-02T20:35:49.623964+00:00 | PostgreSQL Importer | Fixing | VCID-1yyd-u1nn-aaaj | https://www.postgresql.org/support/security/CVE-2024-7348 | 36.1.2 |
2025-03-28T07:42:15.651213+00:00 | PostgreSQL Importer | Fixing | VCID-1yyd-u1nn-aaaj | https://www.postgresql.org/support/security/CVE-2024-7348 | 36.0.0 |
2024-11-18T17:45:33.870748+00:00 | PostgreSQL Importer | Fixing | VCID-1yyd-u1nn-aaaj | https://www.postgresql.org/support/security/CVE-2024-7348 | 34.3.2 |
2024-09-18T01:54:06.728091+00:00 | PostgreSQL Importer | Fixing | VCID-1yyd-u1nn-aaaj | https://www.postgresql.org/support/security/CVE-2024-7348 | 34.0.1 |
2024-08-08T18:01:24.518623+00:00 | PostgreSQL Importer | Fixing | VCID-1yyd-u1nn-aaaj | https://www.postgresql.org/support/security/CVE-2024-7348 | 34.0.0rc4 |