PostgreSQL: Time-of-check Time-of-use (TOCTOU) race condition (CVE-2024-7348)

This vulnerability is a Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL. It allows an attacker who can create objects in the database to execute arbitrary SQL functions as the user running pg_dump, who is often a superuser. The attack works by replacing another relation type with a view or foreign table. The attacker has to wait for pg_dump to start, but winning the race is trivial if the attacker keeps a transaction open. The issue affects PostgreSQL versions before 16.4, 15.8, 14.13, 13.16, and 12.20.

Watch the full video on YouTube: CVE-2024-7348

CVE database technical details

CVE ID: CVE-2024-7348

Description: Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected.

Provider: PostgreSQL

CWE / problem types: Time-of-check Time-of-use (TOCTOU) Race Condition

Affected Software Versions (vendor: n/a, product: PostgreSQL, versionType: rpm):
- version 16, lessThan 16.4: affected
- version 15, lessThan 15.8: affected
- version 14, lessThan 14.13: affected
- version 13, lessThan 13.16: affected
- version 0, lessThan 12.20: affected

Date Published: 2024-08-08T13:00:02.130Z

Last Updated: 2024-08-22T18:03:18.699Z