virus logo FortiClient Vulnerability

PostgreSQL CVE-2020-25696 Incorrect Comparison Vulnerability

description-logoDescription

The gsetmeta-command, which setspsqlvariables based on query results, does not distinguish variables that controlpsqlbehavior. If an interactivepsqlsession uses gsetwhen querying a compromised server, the attacker can execute arbitrary code as the operating system account runningpsql. Using gsetwith a prefix not found among specially treated variables, e.g. any lowercase string, precludes the attack in an unpatchedpsql.

affected-products-logoAffected Applications

PostgreSQL

CVE References

CVE-2020-25696

Other References

https://www.postgresql.org/support/security/
ID 68990
Created Sep 05, 2021
Description
Updated		 Jan 16, 2024
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
Coverage FortiClient
OS MacOS
Vendor PostgreSQL
Patch manual
Application PostgreSQL