Exploitation Summary
EIP tracks 2 public exploits for CVE-2024-27304. PoCs published by flying-owl, roaris.
AI-analyzed exploit summary: The repository contains a functional exploit PoC for CVE-2024-27304, targeting a vulnerability in Go-PGX. The exploit involves decoding base64-encoded usernames to files, which can be manipulated to achieve unauthorized access or command execution.
Description
pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control. The problem is resolved in v4.18.2 and v5.5.4. As a workaround, reject user input large enough to cause a single query or bind message to exceed 4 GB in size.
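The workaround above can be applied as a size guard that runs before any statement reaches the driver. The following is an added example, not code from pgx or from this page: `CheckMessageSize`, `Truncated32`, the 64 MiB cap and the overhead allowances are all assumptions chosen for illustration, and the guard complements upgrading to v4.18.2 or v5.5.4 rather than replacing it.

```go
package main

import (
	"errors"
	"fmt"
)

// Assumed values for this example, not taken from pgx or the advisory.
const (
	MaxMessageBytes  uint64 = 64 << 20 // application cap, far below the 4 GB boundary
	fixedOverhead    uint64 = 64       // conservative allowance for message framing
	perParamOverhead uint64 = 8        // conservative allowance per bound parameter
)

var ErrMessageTooLarge = errors.New("query or bind message would exceed size cap")

// CheckMessageSize (hypothetical helper) bounds the size of one query or bind
// message from the SQL text length and the parameter lengths. All arithmetic
// is 64-bit and every term is capped first, so the running total cannot wrap.
func CheckMessageSize(sqlLen uint64, paramLens []uint64) (uint64, error) {
	total := fixedOverhead + sqlLen
	if sqlLen > MaxMessageBytes || total > MaxMessageBytes {
		return 0, ErrMessageTooLarge
	}
	for _, n := range paramLens {
		if n > MaxMessageBytes {
			return 0, ErrMessageTooLarge
		}
		total += n + perParamOverhead
		if total > MaxMessageBytes {
			return 0, ErrMessageTooLarge
		}
	}
	return total, nil
}

// Truncated32 shows what a 32-bit size calculation keeps of the true size.
func Truncated32(size uint64) uint32 { return uint32(size) }

func main() {
	// Constructed sizes: a short statement with one parameter just over 4 GiB.
	trueSize := uint64(4<<30) + 5
	fmt.Println("32-bit view of size:", Truncated32(trueSize))
	_, err := CheckMessageSize(32, []uint64{trueSize})
	fmt.Println("guard:", err)
	n, err := CheckMessageSize(32, []uint64{1024})
	fmt.Println("accepted:", n, err)
}
```

Call the guard with `uint64(len(sql))` and the byte length of each user-controlled argument, and refuse the request when it returns an error.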
Exploits (2)
The repository contains a functional exploit PoC for CVE-2024-27304, targeting a vulnerability in Go-PGX. The exploit involves decoding base64-encoded usernames to files, which can be manipulated to achieve unauthorized access or command execution.
This repository contains a proof-of-concept exploit for CVE-2024-27304, targeting a SQL injection vulnerability in pgx v5.5.3 via PostgreSQL protocol message size overflow. The exploit demonstrates how an attacker can inject malicious queries by manipulating the message format sent to the database server.
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H