postgresql postgresql CVE-2020-25696 in PostgreSQL and Debian Products
Published on November 23, 2020

product logo product logo
A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \gset when querying a compromised server, the attacker can execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Vendor Advisory NVD

Weakness Type

What is an Allowlist / Allow List Vulnerability?

The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are explicitly allowed by policy because the inputs are assumed to be safe, but the list is too permissive - that is, it allows an input that is unsafe, leading to resultant weaknesses.

CVE-2020-25696 has been classified to as an Allowlist / Allow List vulnerability or weakness.


Products Associated with CVE-2020-25696

stack.watch emails you whenever new vulnerabilities are published in PostgreSQL or Debian Linux. Just hit a watch button to start following.

PostgreSQL
 
Debian Linux
 

Exploit Probability

EPSS
0.47%
Percentile
64.58%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.