Help needed with a reproducer for CVE-2020-25695 not based on REFRESH MATERIALIZED VIEW

From: Patrik Novotny <panovotn(at)redhat(dot)com>
To: PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Help needed with a reproducer for CVE-2020-25695 not based on REFRESH MATERIALIZED VIEW
Date: 2021-04-30 13:13:43
Message-ID: CAE_EZkgBj6kt4XdOTM=Tq-7teu8y9uf-XCEPVQMz=fhFwYQ4WA@mail.gmail.com
Lists: pgsql-hackers

Hi,

I need to reproduce CVE-2020-25695 on PostgreSQL 9.2.24. I know this is
not a supported version; however, it is important for us to have a
reproducer for this version as well.

The reproducer for supported versions[1] is based on REFRESH MATERIALIZED
VIEW, which is not implemented until version 9.3.

I was trying to reproduce this using ANALYZE as you can see in this poc.sql
file[2]. However, it doesn't reproduce the issue.

It would be really appreciated if someone could take a look at it and help.

[1] https://git.postgresql.org/gitweb/?p=postgresql.git;a=blob;f=src/test/regress/sql/privileges.sql;h=013bc95c74bd20e5ab7f1826ea7e676da2a0e85b;hb=HEAD#l896
[2] https://pastebin.com/6hgziYRD

Regards,

--
Patrik Novotný
Associate Software Engineer
Red Hat
panovotn(at)redhat(dot)com
