Multiple vulnerabilities detected in PostgreSQL

Brocade SANnav

35916

08 July 2025

08 July 2025

CLOSED

LOW

Varies

CVE-2025-1094, CVE-2024-10979, CVE-2024-10978, CVE-2024-10977, CVE-2024-10976, CVE-2024-7348, CVE-2024-1597

Brocade Security Advisory ID: BSA-2025-3032

Component: PostgreSQL

Summary

Multiple PostgreSQL vulnerability updates

  • CVE-2025-1094 - PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation
  • CVE-2024-10979 - PostgreSQL PL/Perl environment variable changes execute arbitrary code
  • CVE-2024-10978 - PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID
  • CVE-2024-10977 - PostgreSQL libpq retains an error message from man-in-the-middle
  • CVE-2024-10976 - PostgreSQL row security below e.g. subqueries disregards user ID changes
  • CVE-2024-7348 - PostgreSQL relation replacement during pg_dump executes arbitrary SQL
  • CVE-2024-1597 - PostgreSQL JDBC Driver injection is possible when using the non-default connection property preferQueryMode=simple in combination with application code that has a vulnerable SQL that negates a parameter value

Products Affected

  • Brocade SANnav versions before 2.4.0a contain the vulnerable code; however, SANnav is not exploitable [VEX Justification: Vulnerable_code_cannot_be_controlled_by_adversary]

Products Not Affected

  • Brocade Fabric OS
    [VEX Justification: Component_not_present] 
  • Brocade ASCG
    [VEX Justification: Component_not_present]

Solution

  • Security update provided in Brocade SANnav 2.4.0a

 

Revision History

Version   Change                Date
1.0       Initial Publication   July 8, 2025

Disclaimer

THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.