postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges.
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
| Link | Tags |
|---|---|
| https://usn.ubuntu.com/3818-1/ | vendor advisory third party advisory |
| https://access.redhat.com/errata/RHSA-2018:3757 | vendor advisory third party advisory |
| https://www.postgresql.org/about/news/1905/ | vendor advisory release notes |
| http://www.securitytracker.com/id/1042144 | vdb entry third party advisory |
| https://security.gentoo.org/glsa/201811-24 | mitigation vendor advisory third party advisory |
| http://www.securityfocus.com/bid/105923 | vdb entry third party advisory |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16850 | issue tracking third party advisory patch |