CVE-2024-10979

Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.postgresql.org/support/security/CVE-2024-10979/	Vendor Advisory
https://github.com/fmora50591/postgresql-env-vuln/blob/main/README.md	Exploit Mitigation Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/11/msg00011.html
https://security.netapp.com/advisory/ntap-20250110-0003/	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::

History

03 Nov 2025, 22:16

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2024/11/msg00011.html -

Information

Published : 2024-11-14 13:15

Updated : 2025-11-03 22:16

NVD link : CVE-2024-10979

Mitre link : CVE-2024-10979

CVE.ORG link : CVE-2024-10979

JSON object : View

Products Affected

postgresql

postgresql

CWE

CWE-15

External Control of System or Configuration Setting

CWE-610

Externally Controlled Reference to a Resource in Another Sphere

{"id": "CVE-2024-10979", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-11-14T13:15:04.407", "references": [{"url": "https://www.postgresql.org/support/security/CVE-2024-10979/", "tags": ["Vendor Advisory"], "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007"}, {"url": "https://github.com/fmora50591/postgresql-env-vuln/blob/main/README.md", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00011.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20250110-0003/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "description": [{"lang": "en", "value": "CWE-15"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-610"}]}], "descriptions": [{"lang": "en", "value": "Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected."}, {"lang": "es", "value": "El control incorrecto de las variables de entorno en PostgreSQL PL/Perl permite que un usuario de base de datos sin privilegios modifique variables de entorno de proceso sensibles (por ejemplo, PATH). Esto suele ser suficiente para permitir la ejecuci\u00f3n de c\u00f3digo arbitrario, incluso si el atacante no tiene un usuario del sistema operativo del servidor de base de datos. Las versiones anteriores a PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17 y 12.21 se ven afectadas."}], "lastModified": "2025-11-03T22:16:37.020", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "433D59A0-8811-4DDB-A9F7-D85C62F905CC", "versionEndExcluding": "12.21", "versionStartIncluding": "12.0"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "380F8048-FBE5-4606-93A3-915CFD229317", "versionEndExcluding": "13.17", "versionStartIncluding": "13.0"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FACF31C7-3B20-4BAE-A596-9C59D67406D8", "versionEndExcluding": "14.14", "versionStartIncluding": "14.0"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF12F1A2-3179-4DAC-B728-038B94954DC7", "versionEndExcluding": "15.9", "versionStartIncluding": "15.0"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "353CBD91-FC28-4DA3-B79A-F4F4DC80FA93", "versionEndExcluding": "16.5", "versionStartIncluding": "16.0"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DCEB2049-EB8A-4703-B3FF-FC641623ED2C", "versionEndExcluding": "17.1", "versionStartIncluding": "17.0"}], "operator": "OR"}]}], "sourceIdentifier": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007"}