ubuntu · CVE-2017-7484

Quick triage

Priority: low Published: 2017-05-12 19:29:00 UTC Updated: 2025-08-25 22:37:43 UTC

View at Official ubuntu advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2017-7484 low priority: Ubuntu including 5 source packages (postgresql-10, postgresql-9.1, postgresql-9.3, postgresql-9.5, postgresql-9.6), 44 status rows across 9 suites (artful, bionic, cosmic, disco, trusty, upstream, xenial, yakkety, zesty): DNE 32, released 5, not-affected 3, needed 2, ignored 1, needs-triage 1.

Description:

It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access.

cvelogic Threat Intelligence