Home > mailing lists

Help needed with a reproducer for CVE-2020-25695 not based on REFRESH MATERIALIZED VIEW - Mailing list pgsql-hackers

From	Patrik Novotny
Subject	Help needed with a reproducer for CVE-2020-25695 not based on REFRESH MATERIALIZED VIEW
Date	April 30, 2021 16:13:43
Msg-id	CAE_EZkgBj6kt4XdOTM=Tq-7teu8y9uf-XCEPVQMz=fhFwYQ4WA@mail.gmail.com Whole thread Raw
Responses	Re: Help needed with a reproducer for CVE-2020-25695 not based on REFRESH MATERIALIZED VIEW (Patrik Novotny <panovotn@redhat.com>)
List	pgsql-hackers

Tree view

Hi,

I need to reproduce the CVE-2020-25695 on PostgreSQL 9.2.24. I know this is not a supported version, however, it is important for us to have a reproducer for this version as well.

The reproducer for supported versions[1] is based on REFRESH MATERIALIZED VIEW which is not implemented until version 9.3.

I was trying to reproduce this using ANALYZE as you can see in this poc.sql file[2]. However, it doesn't reproduce the issue.

It would be really appreciated if someone could take a look at it and help.

[1] https://git.postgresql.org/gitweb/?p=postgresql.git;a=blob;f=src/test/regress/sql/privileges.sql;h=013bc95c74bd20e5ab7f1826ea7e676da2a0e85b;hb=HEAD#l896

[2] https://pastebin.com/6hgziYRD

Regards,

Patrik Novotný
Associate Software Engineer
Red Hat
panovotn@redhat.com

pgsql-hackers by date:

From: Matthias van de Meent
Date: 30 April 2021, 13:04:44
Subject: Re: MaxOffsetNumber for Table AMs

From: Amit Langote
Date: 30 April 2021, 16:57:02
Subject: Re: ALTER TABLE .. DETACH PARTITION CONCURRENTLY

Help needed with a reproducer for CVE-2020-25695 not based on REFRESH MATERIALIZED VIEW - Mailing list pgsql-hackers

Previous

Next