Vulnerability details: VCID-1yyd-u1nn-aaaj
Vulnerability ID VCID-1yyd-u1nn-aaaj
Aliases CVE-2024-7348
Summary Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7348.json
epss 0.00050 https://api.first.org/data/v1/epss?cve=CVE-2024-7348
epss 0.00161 https://api.first.org/data/v1/epss?cve=CVE-2024-7348
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2024-7348
epss 0.00188 https://api.first.org/data/v1/epss?cve=CVE-2024-7348
epss 0.00214 https://api.first.org/data/v1/epss?cve=CVE-2024-7348
epss 0.00232 https://api.first.org/data/v1/epss?cve=CVE-2024-7348
epss 0.00238 https://api.first.org/data/v1/epss?cve=CVE-2024-7348
epss 0.00258 https://api.first.org/data/v1/epss?cve=CVE-2024-7348
epss 0.00273 https://api.first.org/data/v1/epss?cve=CVE-2024-7348
epss 0.00339 https://api.first.org/data/v1/epss?cve=CVE-2024-7348
epss 0.00822 https://api.first.org/data/v1/epss?cve=CVE-2024-7348
cvssv3.1 8.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2024-7348
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2024-7348
cvssv3 8.8 https://www.postgresql.org/support/security/CVE-2024-7348/
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7348.json
https://api.first.org/data/v1/epss?cve=CVE-2024-7348
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7348
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://security.netapp.com/advisory/ntap-20240822-0002/
https://www.postgresql.org/about/news/postgresql-164-158-1413-1316-1220-and-17-beta-3-released-2910/
https://www.postgresql.org/support/security/CVE-2024-7348/
http://www.openwall.com/lists/oss-security/2024/08/11/1
2303682 https://bugzilla.redhat.com/show_bug.cgi?id=2303682
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
CVE-2024-7348 https://nvd.nist.gov/vuln/detail/CVE-2024-7348
GLSA-202409-02 https://security.gentoo.org/glsa/202409-02
RHSA-2024:5927 https://access.redhat.com/errata/RHSA-2024:5927
RHSA-2024:5929 https://access.redhat.com/errata/RHSA-2024:5929
RHSA-2024:5999 https://access.redhat.com/errata/RHSA-2024:5999
RHSA-2024:6000 https://access.redhat.com/errata/RHSA-2024:6000
RHSA-2024:6001 https://access.redhat.com/errata/RHSA-2024:6001
RHSA-2024:6018 https://access.redhat.com/errata/RHSA-2024:6018
RHSA-2024:6020 https://access.redhat.com/errata/RHSA-2024:6020
RHSA-2024:6137 https://access.redhat.com/errata/RHSA-2024:6137
RHSA-2024:6138 https://access.redhat.com/errata/RHSA-2024:6138
RHSA-2024:6139 https://access.redhat.com/errata/RHSA-2024:6139
RHSA-2024:6140 https://access.redhat.com/errata/RHSA-2024:6140
RHSA-2024:6141 https://access.redhat.com/errata/RHSA-2024:6141
RHSA-2024:6142 https://access.redhat.com/errata/RHSA-2024:6142
RHSA-2024:6144 https://access.redhat.com/errata/RHSA-2024:6144
RHSA-2024:6145 https://access.redhat.com/errata/RHSA-2024:6145
RHSA-2024:6557 https://access.redhat.com/errata/RHSA-2024:6557
RHSA-2024:6558 https://access.redhat.com/errata/RHSA-2024:6558
RHSA-2024:6559 https://access.redhat.com/errata/RHSA-2024:6559
RHSA-2024:8495 https://access.redhat.com/errata/RHSA-2024:8495
USN-6968-1 https://usn.ubuntu.com/6968-1/
USN-6968-2 https://usn.ubuntu.com/6968-2/
USN-6968-3 https://usn.ubuntu.com/6968-3/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7348.json
Attack Vector (AV): network
Attack Complexity (AC): high
Privileges Required (PR): low
User Interaction (UI): none
Scope (S): unchanged
Confidentiality Impact (C): high
Integrity Impact (I): high
Availability Impact (A): high

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV): network
Attack Complexity (AC): low
Privileges Required (PR): low
User Interaction (UI): none
Scope (S): unchanged
Confidentiality Impact (C): high
Integrity Impact (I): high
Availability Impact (A): high

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-7348
Attack Vector (AV): network
Attack Complexity (AC): high
Privileges Required (PR): low
User Interaction (UI): none
Scope (S): unchanged
Confidentiality Impact (C): high
Integrity Impact (I): high
Availability Impact (A): high

Exploit Prediction Scoring System (EPSS)
Percentile 0.20333
EPSS Score 0.00050
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-08-08T18:01:16.013045+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 34.0.0rc4