CVE-2007-2138

N/A Unknown
Published: April 24, 2007 Modified: April 23, 2026

Description

Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings."

References to Advisories, Solutions, and Tools

http://rhn.redhat.com/errata/RHSA-2007-0336.html
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/24989
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/24999
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/25005
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/25019
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/25037
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/25058
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/25184
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/25238
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/25334
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/25717
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/25720
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/25725
Source: cve@mitre.org
Third Party Advisory
http://security.gentoo.org/glsa/glsa-200705-12.xml
Source: cve@mitre.org
Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2007-190.htm
Source: cve@mitre.org
Third Party Advisory
http://www.debian.org/security/2007/dsa-1309
Source: cve@mitre.org
Third Party Advisory
http://www.debian.org/security/2007/dsa-1311
Source: cve@mitre.org
Third Party Advisory
http://www.postgresql.org/about/news.791
Source: cve@mitre.org
Patch Vendor Advisory
http://www.postgresql.org/support/security.html
Source: cve@mitre.org
Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2007-0337.html
Source: cve@mitre.org
Third Party Advisory
http://www.securityfocus.com/bid/23618
Source: cve@mitre.org
Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1017974
Source: cve@mitre.org
Third Party Advisory VDB Entry
http://www.trustix.org/errata/2007/0015/
Source: cve@mitre.org
Broken Link
http://www.ubuntu.com/usn/usn-454-1
Source: cve@mitre.org
Third Party Advisory
http://www.vupen.com/english/advisories/2007/1497
Source: cve@mitre.org
Third Party Advisory
http://www.vupen.com/english/advisories/2007/1549
Source: cve@mitre.org
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/33842
Source: cve@mitre.org
Third Party Advisory VDB Entry
https://issues.rpath.com/browse/RPL-1292
Source: cve@mitre.org
Broken Link
http://rhn.redhat.com/errata/RHSA-2007-0336.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/24989
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/24999
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/25005
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/25019
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/25037
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/25058
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/25184
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/25238
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/25334
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/25717
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/25720
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/25725
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://security.gentoo.org/glsa/glsa-200705-12.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102894-1
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://support.avaya.com/elmodocs2/security/ASA-2007-190.htm
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.debian.org/security/2007/dsa-1309
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.debian.org/security/2007/dsa-1311
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:094
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.postgresql.org/about/news.791
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Vendor Advisory
http://www.postgresql.org/support/security.html
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2007-0337.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.securityfocus.com/bid/23618
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1017974
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
http://www.trustix.org/errata/2007/0015/
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.ubuntu.com/usn/usn-454-1
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.vupen.com/english/advisories/2007/1497
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.vupen.com/english/advisories/2007/1549
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/33842
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
https://issues.rpath.com/browse/RPL-1292
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10090
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

62 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
1.6%
82nd percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

Affected Vendors

debian canonical postgresql