Impact of vulnerabilities related to PostgreSQL on Carbon Black EDR
Article ID: 392950

Products

Carbon Black EDR

Issue/Introduction

Several vulnerabilities have been reported in the PostgreSQL (PgSQL) component used by Carbon Black (CB) EDR, and you need to know their impact and remediation.

CVE-2024-10979: Incorrect control of environment variables in PostgreSQL.
Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.

CVE-2024-7348: Time-of-check time-of-use (TOCTOU) race condition in pg_dump.
Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected.

CVE-2024-4317: Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user.
Versions before PostgreSQL 14 are unaffected.

CVE-2025-1094: Improper neutralization of quoting syntax.

Environment

CB EDR 7.8.0/7.8.1

Resolution

CB EDR is not impacted by these PostgreSQL vulnerabilities, for the following reasons:

  • It uses PostgreSQL programmatically, not the interactive terminal.
  • Access to the interactive terminal requires administrator privileges and EDR server access.

Additional Information

CB EDR 7.8.0/7.8.1 uses PgSQL version 13.18, which is not a vulnerable build for these CVEs: CVE-2024-10979, CVE-2024-7348, CVE-2024-4317.

With reference to CVE-2025-1094, versions below 13.19 are affected. However, there is no impact on EDR, as stated in the Resolution section above.
Additionally, the PgSQL version is upgraded to 13.22.1 in EDR release 7.9.0, so an upgrade can also be considered if the older version is flagged in a vulnerability report.
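As an added check (this script is not part of the article or of the Carbon Black product), the following Python code compares a PostgreSQL version string, such as the one reported by your vulnerability scanner, against the fixed versions listed in the Issue/Introduction section above; the function names and the "unknown" handling for branches the article does not cover are assumptions.

```python
# Added example, not from the Carbon Black KB article: assess a PostgreSQL
# version against the per-CVE fix thresholds the article lists.
# Thresholds are transcribed from the article; function names are assumptions.

FIXED_IN = {
    # CVE -> {major branch: first fixed minor release on that branch}
    "CVE-2024-10979": {17: 1, 16: 5, 15: 9, 14: 14, 13: 17, 12: 21},
    "CVE-2024-7348":  {16: 4, 15: 8, 14: 13, 13: 16, 12: 20},
    # Article states only that versions before PostgreSQL 14 are unaffected.
    "CVE-2024-4317":  {},
    # Article gives a threshold for the 13.x branch only (below 13.19 affected).
    "CVE-2025-1094":  {13: 19},
}
# Branches older than this major are stated to be unaffected by the CVE.
UNAFFECTED_BEFORE_MAJOR = {"CVE-2024-4317": 14}


def parse_version(text):
    """Return (major, minor) from e.g. '13.18' or '13.22.1'; extra parts ignored."""
    parts = text.strip().split(".")
    if len(parts) < 2 or not all(p.isdigit() for p in parts[:2]):
        raise ValueError(f"unrecognised PostgreSQL version: {text!r}")
    return int(parts[0]), int(parts[1])


def assess(version_text):
    """Map each CVE to 'affected', 'not affected' or 'unknown' for the version.

    'unknown' means the article gives no threshold for that major branch, so
    the verdict must come from the upstream PostgreSQL release notes instead.
    """
    major, minor = parse_version(version_text)
    verdict = {}
    for cve, thresholds in FIXED_IN.items():
        if major < UNAFFECTED_BEFORE_MAJOR.get(cve, 0):
            verdict[cve] = "not affected"   # branch predates the vulnerable code
        elif major in thresholds:
            verdict[cve] = "not affected" if minor >= thresholds[major] else "affected"
        else:
            verdict[cve] = "unknown"        # no threshold listed for this branch
    return verdict


def affected_cves(version_text):
    """Return the sorted list of CVEs the article marks as affecting this version."""
    return sorted(c for c, v in assess(version_text).items() if v == "affected")


if __name__ == "__main__":
    for ver in ("13.18", "13.22.1"):   # versions named in the article
        print(ver, assess(ver))
```

For the 13.18 build shipped with CB EDR 7.8.x the script reports only CVE-2025-1094 as affected, matching the article; for 13.22.1 it reports none.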