#VU62716 Input validation error in Postgresql JDBC Driver


Vulnerability identifier: #VU62716

Vulnerability risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-26520

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Postgresql JDBC Driver
Universal components / Libraries / Libraries used by multiple products

Vendor: PostgreSQL Global Development Group

Description

The vulnerability allows a remote attacker to create arbitrary files on the system.

The vulnerability exists due to insufficient validation of user-supplied input when handling jdbc URL or its properties. A remote attacker can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties.

Successful exploitation of the vulnerability may allow an attacker to create and executable arbitraru JSP file under a Tomcat web root.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Postgresql JDBC Driver: 42.3.0 - 42.3.2, 42.2.0 - 42.2.25, 42.1.0 - 42.1.4


External links
http://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-673j-qm5f-xpv8
http://jdbc.postgresql.org/documentation/changelog.html#version_42.3.3
http://github.com/pgjdbc/pgjdbc/pull/2454/commits/017b929977b4f85795f9ad2fa5de6e80978b8ccc
http://jdbc.postgresql.org/documentation/head/tomcat.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability