Home > mailing lists

Re: CVE-2024-10979 - Does this affect Postgres built without --with-perl option? - Mailing list pgsql-hackers

From	David G. Johnston
Subject	Re: CVE-2024-10979 - Does this affect Postgres built without --with-perl option?
Date	December 4 23:13:44
Msg-id	CAKFQuwaura8869fQeGXem2Jkpj1JTdWbdqwN4G2B+4G6e4ARdw@mail.gmail.com Whole thread Raw
In response to	CVE-2024-10979 - Does this affect Postgres built without --with-perl option? (Mark Hill <Mark.Hill@sas.com>)
List	pgsql-hackers

Tree view

On Wed, Dec 4, 2024 at 10:07 AM Mark Hill <Mark.Hill@sas.com> wrote:

Does the CVE-2024-10979 affect Postgres that is NOT built with the --with-perl option?

It requires the attacker being able to write and get executed a PL function in the server written in pl/perl. That is impossible if the server hasn't been compiled using the --with-perl option.

David J.

pgsql-hackers by date:

From: Mark Hill
Date: 04 December, 23:07:32
Subject: CVE-2024-10979 - Does this affect Postgres built without --with-perl option?

From: Peter Eisentraut
Date: 04 December, 23:14:48
Subject: Re: [18] Unintentional behavior change in commit e9931bfb75

Re: CVE-2024-10979 - Does this affect Postgres built without --with-perl option? - Mailing list pgsql-hackers

Previous

Next