High severity7.5NVD Advisory· Published Aug 16, 2017· Updated May 13, 2026

CVE-2017-7548

Description

PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents of the object, resulting in a denial of service.

Affected products

PostgreSQL/PostgreSQL2 versions
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*range: >=9.4,<9.4.13
- (no CPE)range: 9.4.x before 9.4.13
Debian/Debian Linux2 versions
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.debian.org/security/2017/dsa-3935nvdThird Party Advisory
www.debian.org/security/2017/dsa-3936nvdThird Party Advisory
www.securityfocus.com/bid/100276nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1039142nvdThird Party AdvisoryVDB Entry
access.redhat.com/errata/RHSA-2017:2677nvdThird Party Advisory
access.redhat.com/errata/RHSA-2017:2678nvdThird Party Advisory
security.gentoo.org/glsa/201710-06nvdThird Party Advisory
www.postgresql.org/about/news/1772/nvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000