Endpoint Vulnerability

PostgreSQL: Start scripts permit database administrator to modify root-owned files

Description

A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code.

Affected Products

PostgreSQL

References

CVE-2017-12172,