Launchpad CVE tracker

CVE 2023-2454

schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code.

Related bugs and status

CVE-2023-2454 (Candidate) is related to these bugs:

Bug #2019214: New upstream microreleases 12.15, 14.8, and 15.3

		In	Importance	Status
2019214	New upstream microreleases 12.15, 14.8, and 15.3	postgresql-15 (Ubuntu)	Undecided	Fix Released
2019214	New upstream microreleases 12.15, 14.8, and 15.3	postgresql-15 (Ubuntu Lunar)	Undecided	Fix Released
2019214	New upstream microreleases 12.15, 14.8, and 15.3	postgresql-14 (Ubuntu Kinetic)	Undecided	Fix Released
2019214	New upstream microreleases 12.15, 14.8, and 15.3	postgresql-14 (Ubuntu Jammy)	Undecided	Fix Released
2019214	New upstream microreleases 12.15, 14.8, and 15.3	postgresql-12 (Ubuntu Focal)	Undecided	Fix Released
2019214	New upstream microreleases 12.15, 14.8, and 15.3	postgresql-15 (Ubuntu Mantic)	Undecided	Fix Released

Bug #2020742: [Debian] CVE: CVE-2023-2454/CVE-2023-2455/CVE-2022-2625: postgresql: multiple CVEs

Summary				In	Importance	Status
	2020742	[Debian] CVE: CVE-2023-2454/CVE-2023-2455/CVE-2022-2625: postgresql: multiple CVEs		StarlingX	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2023-2454

References