SentinelOne
CVE Vulnerability Database
Vulnerability Database/CVE-2024-1597

CVE-2024-1597: PostgreSQL JDBC Driver SQLi Vulnerability

CVE-2024-1597 is a SQL injection vulnerability in PostgreSQL JDBC Driver affecting PreferQueryMode=SIMPLE configurations. Attackers can bypass parameterized query protections. This article covers technical details, affected versions, and mitigation strategies.

Updated:

CVE-2024-1597 Overview

pgjdbc, the PostgreSQL JDBC Driver, allows an attacker to inject SQL if using PreferQueryMode=SIMPLE. This is not the default configuration, and the default mode does not present this vulnerability. The vulnerability occurs when a placeholder for a numeric value is immediately preceded by a minus sign. Additionally, there is a requirement for a second placeholder for a string value on the same line. By crafting an appropriate string payload, an attacker can inject SQL, bypassing the protections against SQL Injection attacks that are generally provided by parameterized queries.

Critical Impact

This vulnerability can be exploited remotely with no authentication required. It poses a high risk due to its critical severity score of 9.8.

Affected Products

  • postgresql postgresql_jdbc_driver
  • fedoraproject fedora

Discovery Timeline

  • 2024-02-19 - CVE-2024-1597 published to NVD
  • 2025-11-03 - Last updated in NVD database

Technical Details for CVE-2024-1597

Vulnerability Analysis

This vulnerability is associated with the PostgreSQL JDBC Driver (pgjdbc). It manifests when using PreferQueryMode=SIMPLE, which reduces the protection that parameterized queries provide against SQL injection. The vulnerability arises from improper input validation in the construction of SQL queries. An attacker can manipulate input data to alter the SQL command's logic.

Root Cause

The root cause is improper validation of input placeholders in mode PreferQueryMode=SIMPLE, which allows SQL injection.

Attack Vector

The attack vector is Network, meaning an attacker can exploit this vulnerability remotely without any prior access to the system.

sql
-- Example exploitation code (sanitized)
SELECT * FROM users WHERE id = ? AND name = ?;
-- Malicious input could alter the query to
SELECT * FROM users WHERE id = -1 OR 1=1; -- AND name = '';

Detection Methods for CVE-2024-1597

Indicators of Compromise

  • Anomalous SQL queries in logs
  • Usage of special characters in input fields
  • Inclusion of comment markers (--) in SQL queries

Detection Strategies

Detection involves monitoring SQL logs for suspicious patterns that deviate from regular query structures. Unusual use of operators, comments, or logical operations should be reviewed.

Monitoring Recommendations

Implement SQL query logging and alerting using IDS/IPS systems capable of detecting SQL injection attempts. Configure verbose logging settings to immediately flag unusual SQL behavior.

How to Mitigate CVE-2024-1597

Immediate Actions Required

  • Switch from PreferQueryMode=SIMPLE to a safer mode
  • Apply the latest security patches released by PostgreSQL
  • Implement input validation and sanitation properly

Patch Information

Security patches have been released in versions 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.28 of the PostgreSQL JDBC Driver. Upgrading to these or later versions will mitigate the vulnerability.

Workarounds

Until a patch is applied, use safer parameterization methods and validate all inputs to ensure they meet the expected formats and lengths. Avoid using PreferQueryMode=SIMPLE where possible.

bash
# Configuration example
# Ensure jdbc connection does not use SIMPLE mode
jdbc:postgresql://host:port/database?preferQueryMode=extended

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Experience the World’s Most Advanced Cybersecurity Platform

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform can protect your organization now and into the future.

Try SentinelOne