Unrated severityNVD Advisory· Published Jul 18, 2012· Updated Jun 16, 2026
CVE-2012-0866
CVE-2012-0866
Description
CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 does not properly check the execute permission for trigger functions marked SECURITY DEFINER, which allows remote authenticated users to execute otherwise restricted triggers on arbitrary data by installing the trigger on an attacker-owned table.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
43cpe:2.3:a:postgresql:postgresql:8.3:*:*:*:*:*:*:*+ 39 more
- cpe:2.3:a:postgresql:postgresql:8.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.3.10:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.3.11:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.3.12:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.3.13:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.3.14:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.3.15:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.3.16:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.3.17:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.3.9:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.1.2:*:*:*:*:*:*:*
- (no CPE)range: >=8.3.0, <=8.3.18 || >=8.4.0, <=8.4.11 || >=9.0.0, <=9.0.7 || >=9.1.0, <=9.1.3
- osv-coords3 versionspkg:rpm/opensuse/postgresql93&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/postgresql94&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/postgresql95&distro=openSUSE%20Tumbleweed
< 9.3.15-1.1+ 2 more
- (no CPE)range: < 9.3.15-1.1
- (no CPE)range: < 9.4.10-1.1
- (no CPE)range: < 9.5.4-1.2
Patches
Vulnerability mechanics
References
15- www.postgresql.org/about/news/1377/nvdVendor Advisory
- kb.juniper.net/InfoCenter/indexnvd
- lists.opensuse.org/opensuse-updates/2012-09/msg00060.htmlnvd
- rhn.redhat.com/errata/RHSA-2012-0677.htmlnvd
- rhn.redhat.com/errata/RHSA-2012-0678.htmlnvd
- secunia.com/advisories/49272nvd
- secunia.com/advisories/49273nvd
- www.debian.org/security/2012/dsa-2418nvd
- www.mandriva.com/security/advisoriesnvd
- www.mandriva.com/security/advisoriesnvd
- www.mandriva.com/security/advisoriesnvd
- www.postgresql.org/docs/8.3/static/release-8-3-18.htmlnvd
- www.postgresql.org/docs/8.4/static/release-8-4-11.htmlnvd
- www.postgresql.org/docs/9.0/static/release-9-0-7.htmlnvd
- www.postgresql.org/docs/9.1/static/release-9-1-3.htmlnvd
News mentions
0No linked articles in our index yet.