virus logo FortiClient Vulnerability

PostgreSQL CVE-2020-25696 Incorrect Comparison Vulnerability

description-logoDescription

The gset meta-command, which sets psql variables based on query results, does not distinguish variables that control psql behavior. If an interactive psql session uses gset when querying a compromised server, the attacker can execute arbitrary code as the operating system account running psql. Using gset with a prefix not found among specially treated variables, e.g. any lowercase string, precludes the attack in an unpatched psql.

affected-products-logoAffected Applications

PostgreSQL

CVE References

CVE-2020-25696

Other References

https://www.postgresql.org/support/security/
ID 68913
Created Sep 03, 2021
Description
Updated		 Dec 18, 2023
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
Coverage FortiClient
OS Windows
Vendor PostgreSQL
Patch manual
Application PostgreSQL