| From: | Patrik Novotny <panovotn(at)redhat(dot)com> |
|---|---|
| To: | PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Help needed with a reproducer for CVE-2020-25695 not based on REFRESH MATERIALIZED VIEW |
| Date: | 2021-04-30 15:24:03 |
| Message-ID: | CAE_EZkjoWYBRj0ezmTfaN+p3u89qTJJZXGpi=E0X6VTasqO_xQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
We've figured it out. Please ignore.
Regards.
On Fri, Apr 30, 2021 at 3:13 PM Patrik Novotny <panovotn(at)redhat(dot)com> wrote:
> Hi,
>
> I need to reproduce the CVE-2020-25695 on PostgreSQL 9.2.24. I know this
> is not a supported version, however, it is important for us to have a
> reproducer for this version as well.
>
> The reproducer for supported versions[1] is based on REFRESH MATERIALIZED
> VIEW which is not implemented until version 9.3.
>
> I was trying to reproduce this using ANALYZE as you can see in this
> poc.sql file[2]. However, it doesn't reproduce the issue.
>
> It would be really appreciated if someone could take a look at it and help.
>
>
> [1]
> https://git.postgresql.org/gitweb/?p=postgresql.git;a=blob;f=src/test/regress/sql/privileges.sql;h=013bc95c74bd20e5ab7f1826ea7e676da2a0e85b;hb=HEAD#l896
> [2] https://pastebin.com/6hgziYRD
>
>
> Regards,
>
> --
> Patrik Novotný
> Associate Software Engineer
> Red Hat
> panovotn(at)redhat(dot)com
>
--
Patrik Novotný
Associate Software Engineer
Red Hat
panovotn(at)redhat(dot)com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Geoghegan | 2021-04-30 15:36:17 | Re: MaxOffsetNumber for Table AMs |
| Previous Message | Tom Lane | 2021-04-30 15:06:45 | Re: MaxOffsetNumber for Table AMs |