VYPR
Get started
← All advisories
High severity7.5NVD Advisory· Published May 12, 2017· Updated May 13, 2026

CVE-2017-7484

CVE-2017-7484

Description

It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access.

Affected products

41
  • PostgreSQL/PostgreSQL40 versions
    cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*+ 39 more
    • cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*range: <=9.2.20
    • cpe:2.3:a:postgresql:postgresql:9.3:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.3.10:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.3.11:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.3.12:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.3.13:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.3.14:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.3.15:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.3.16:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.3.4:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.3.5:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.3.6:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.3.7:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.3.8:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.3.9:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.4:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.4.10:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.4.11:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.4.3:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.4.4:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.4.5:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.4.6:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.4.7:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.4.8:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.4.9:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.5:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.5.4:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.5.5:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.5.6:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.6:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:9.6.2:*:*:*:*:*:*:*
  • The PostgreSQL Global Development Group/PostgreSQLv5
    Range: 9.2 - 9.6

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

10

News mentions

0

No linked articles in our index yet.