Launchpad.net

CVE 2020-14350

It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23.

Related bugs and status

CVE-2020-14350 (Candidate) is related to these bugs:

Bug #1892335: New upstream microreleases 9.5.23 10.14 and 12.4

		In	Importance	Status
1892335	New upstream microreleases 9.5.23 10.14 and 12.4	postgresql-12 (Ubuntu)	Undecided	Fix Released
1892335	New upstream microreleases 9.5.23 10.14 and 12.4	postgresql-12 (Ubuntu Focal)	Undecided	Fix Released
1892335	New upstream microreleases 9.5.23 10.14 and 12.4	postgresql-10 (Ubuntu Bionic)	Undecided	Fix Released
1892335	New upstream microreleases 9.5.23 10.14 and 12.4	postgresql-9.5 (Ubuntu Xenial)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2020-14350

Related bugs and status

Related bugs

References