Launchpad.net

CVE 2022-2625

A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the object targeted in CREATE OR REPLACE or CREATE IF NOT EXISTS. Given all three prerequisites, this flaw allows an attacker to run arbitrary code as the victim role, which may be a superuser.

Related bugs and status

CVE-2022-2625 (Candidate) is related to these bugs:

Bug #1984012: New upstream microreleases 10.22, 12.12 and 14.5

		In	Importance	Status
1984012	New upstream microreleases 10.22, 12.12 and 14.5	postgresql-14 (Ubuntu)	Undecided	Fix Released
1984012	New upstream microreleases 10.22, 12.12 and 14.5	postgresql-12 (Ubuntu)	Undecided	Invalid
1984012	New upstream microreleases 10.22, 12.12 and 14.5	postgresql-10 (Ubuntu)	Undecided	Invalid
1984012	New upstream microreleases 10.22, 12.12 and 14.5	postgresql-10 (Ubuntu Bionic)	High	Fix Released
1984012	New upstream microreleases 10.22, 12.12 and 14.5	postgresql-14 (Ubuntu Jammy)	High	Fix Released
1984012	New upstream microreleases 10.22, 12.12 and 14.5	postgresql-12 (Ubuntu Focal)	High	Fix Released

Bug #2020742: [Debian] CVE: CVE-2023-2454/CVE-2023-2455/CVE-2022-2625: postgresql: multiple CVEs

Summary				In	Importance	Status
	2020742	[Debian] CVE: CVE-2023-2454/CVE-2023-2455/CVE-2022-2625: postgresql: multiple CVEs		StarlingX	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2022-2625

Related bugs and status

Related bugs

References