Legacy Flaw Surfaces in PostgreSQL PGP Module
A serious remote code execution vulnerability has been found hiding in PostgreSQL code dating back nearly twenty years. The flaw lives within the pgcrypto extension, specifically in how it handles PGP session keys. An attacker can trigger a heap-based buffer overflow by sending a carefully crafted PGP message, leading to arbitrary memory reads and writes.
This level of memory access can allow an attacker to gain superuser privileges inside the database and then execute commands on the operating system itself. The weakness remained dormant for years until security researcher Varik Matevosyan uncovered the issue and published a proof-of-concept exploit.
How the Exploit Achieves Full System Access
The exploit works by first corrupting heap memory structures, which causes PostgreSQL to leak information about the heap layout when it tries to free the corrupted memory. This leak lets the attacker scan for code pointers and calculate important memory addresses, bypassing standard protections like ASLR.
Once the attacker locates key internal variables, they overwrite the CurrentUserId field to match the bootstrap superuser identifier. This privilege escalation inside PostgreSQL enables the attacker to abuse the COPY FROM PROGRAM feature, which runs arbitrary commands on the host system under the PostgreSQL service account. The exploit relies on specific compiled versions of PostgreSQL and uses Python tools for delivery.
Impact and Scope
While successful exploitation requires specific PostgreSQL builds, the existence of a public exploit raises concerns for database administrators running older or unpatched versions of the software. The vulnerability underscores how legacy code in widely deployed infrastructure can pose serious risks years after it is written.
Organizations should verify that their PostgreSQL installations are updated with the latest patches. Security teams are advised to monitor for unusual database activity, especially unexpected COPY FROM PROGRAM operations, which could indicate active exploitation attempts.
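The monitoring advice above, as an added example that is not from the article or from the PostgreSQL project: a small Python scanner over constructed PostgreSQL statement-log lines that flags COPY FROM PROGRAM issued by roles outside an allowlist, and pgcrypto PGP decrypt calls as the path that carries attacker-supplied PGP data. It assumes log_statement = 'all' and a log_line_prefix of '%m [%p] %u@%d '.

```python
import re
from dataclasses import dataclass

# Assumed log format: log_line_prefix = '%m [%p] %u@%d ' and log_statement = 'all',
# so that SELECTs carrying pgp_*_decrypt calls are logged, not only COPY.
LOG_LINE = re.compile(
    r"^(?P<ts>\S+ \S+ \S+) \[(?P<pid>\d+)\] (?P<user>[^@\s]+)@(?P<db>\S+) "
    r"LOG:\s+statement: (?P<sql>.*)$"
)
# COPY ... FROM PROGRAM, case-insensitive, tolerant of extra whitespace between tokens.
# It normally requires superuser or pg_execute_server_program membership, so a role that
# should hold neither issuing it is the post-escalation signal the article describes.
COPY_FROM_PROGRAM = re.compile(r"\bCOPY\b.*?\bFROM\s+PROGRAM\b", re.IGNORECASE | re.DOTALL)
# pgcrypto PGP decryption calls, the code path that parses caller-supplied PGP messages.
PGP_DECRYPT = re.compile(r"\bpgp_(?:sym|pub)_decrypt(?:_bytea)?\s*\(", re.IGNORECASE)

@dataclass
class Finding:
    timestamp: str
    user: str
    db: str
    rule: str
    sql: str

def scan_log(lines, allowed_copy_users=frozenset()):
    """Return findings for COPY FROM PROGRAM by non-allowlisted roles and for PGP decrypt calls."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a statement line in the assumed format
        sql = m.group("sql")
        if COPY_FROM_PROGRAM.search(sql) and m.group("user") not in allowed_copy_users:
            rule = "copy_from_program"
        elif PGP_DECRYPT.search(sql):
            rule = "pgp_decrypt"
        else:
            continue
        findings.append(Finding(m.group("ts"), m.group("user"), m.group("db"), rule, sql))
    return findings

# Constructed sample log lines; 'etl' is a role that legitimately uses COPY FROM PROGRAM.
SAMPLE_LOG = [
    "2024-05-01 12:00:01.001 UTC [4242] app@sales LOG:  statement: SELECT id, total FROM orders WHERE id = 7",
    "2024-05-01 12:00:02.010 UTC [4242] app@sales LOG:  statement: SELECT pgp_sym_decrypt(payload, 'k') FROM inbox WHERE id = 9",
    "2024-05-01 12:00:03.200 UTC [4242] app@sales LOG:  statement: COPY t FROM PROGRAM 'id'",
    "2024-05-01 12:00:04.300 UTC [5151] etl@sales LOG:  statement: copy staging from program 'gunzip -c /data/feed.gz'",
    "2024-05-01 12:00:05.400 UTC [6161] app@sales LOG:  statement: COPY t FROM '/tmp/in.csv'",
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG, allowed_copy_users={"etl"}):
        print(f"{f.timestamp} {f.user}@{f.db} [{f.rule}] {f.sql}")
```

Checking whether pgcrypto is present at all (`SELECT extname, extversion FROM pg_extension WHERE extname = 'pgcrypto';`) narrows which instances need this monitoring in the first place.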
Source: Cyber Security News
