Endpoint Vulnerability

PostgreSQL: pageinspect does not check permissions for BRIN indexes

Description

An authorization flaw was found in the way PostgreSQL handled large objects. A remote authenticated attacker with no privileges on a large object could potentially use this flaw to overwrite the entire content of the object, thus resulting in denial of service.

Affected Products

PostgreSQL

References

CVE-2016-3065,