How severe is CVE-2024-7348?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2024-7348?

This is classified as CWE-367, which is a common weakness in software security.

CVE-2024-7348 - HIGH Severity | CVSS 7.5

Vulnerability Description

Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected.

Related Vulnerabilities

CVE-2019-7347

HIGH

CVSS:7.5(High)

A Time-of-check Time-of-use (TOCTOU) Race Condition exists in ZoneMinder through 1.32.3 as a session remains active for an authenticated user even after deletion from the users table. This allows a no...

CWE-3672019

CVE-2020-14674

HIGH

CVSS:7.5(High)

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult t...

CWE-3672020

CVE-2020-14675

HIGH

CVSS:7.5(High)

CWE-3672020

CVE-2020-14677

HIGH

CVSS:7.5(High)

CWE-3672020

CVE-2021-20181

HIGH

CVSS:7.5(High)

A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating thei...

CWE-3672021

CVE-2021-22043

HIGH

CVSS:7.5(High)

VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerability that exists in the way temporary files are handled. A malicious actor with access to settingsd, may exploit this issue to escala...

CWE-3672021