Vulnerability-Lookup - Search a vulnerability

CVE-2019-10210 (GCVE-0-2019-10210)

Vulnerability from cvelistv5

Published

2019-10-29 00:00

Modified

2024-08-04 22:17

Severity ?

6.7 (Medium) - CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-522

Summary

Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via superuser writing password to unprotected temporary file.

References

►

URL

Tags

	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10210
	https://www.postgresql.org/about/news/1960/

Impacted products

	Vendor	Product	Version
	PostgreSQL	postgresql	Version: all 11.x before 11.5 Version: all 10.x before 10.10 Version: all 9.6.x before 9.6.15 Version: all 9.5.x before 9.5.19 Version: all 9.4.x before 9.4.24

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:17:19.604Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10210"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.postgresql.org/about/news/1960/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "postgresql",
          "vendor": "PostgreSQL",
          "versions": [
            {
              "status": "affected",
              "version": "all 11.x before 11.5"
            },
            {
              "status": "affected",
              "version": "all 10.x before 10.10"
            },
            {
              "status": "affected",
              "version": "all 9.6.x before 9.6.15"
            },
            {
              "status": "affected",
              "version": "all 9.5.x before 9.5.19"
            },
            {
              "status": "affected",
              "version": "all 9.4.x before 9.4.24"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via superuser writing password to unprotected temporary file."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-522",
              "description": "CWE-522",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-07T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10210"
        },
        {
          "url": "https://www.postgresql.org/about/news/1960/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2019-10210",
    "datePublished": "2019-10-29T00:00:00",
    "dateReserved": "2019-03-27T00:00:00",
    "dateUpdated": "2024-08-04T22:17:19.604Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-10209 (GCVE-0-2019-10209)

Vulnerability from cvelistv5

Published

2019-10-29 13:11

Modified

2024-08-04 22:17

Severity ?

3.1 (Low) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE

Summary

Postgresql, versions 11.x before 11.5, is vulnerable to a memory disclosure in cross-type comparison for hashed subplan.

References

►

URL

Tags

	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10209	x_refsource_CONFIRM
	https://www.postgresql.org/about/news/1960/	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	PostgreSQL	postgresql	Version: all 11.x before 11.5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:17:20.096Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10209"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.postgresql.org/about/news/1960/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "postgresql",
          "vendor": "PostgreSQL",
          "versions": [
            {
              "status": "affected",
              "version": "all 11.x before 11.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Postgresql, versions 11.x before 11.5, is vulnerable to a memory disclosure in cross-type comparison for hashed subplan."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-29T13:11:45",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10209"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.postgresql.org/about/news/1960/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2019-10209",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "postgresql",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "all 11.x before 11.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "PostgreSQL"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Postgresql, versions 11.x before 11.5, is vulnerable to a memory disclosure in cross-type comparison for hashed subplan."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "3.1/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-125"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10209",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10209"
            },
            {
              "name": "https://www.postgresql.org/about/news/1960/",
              "refsource": "CONFIRM",
              "url": "https://www.postgresql.org/about/news/1960/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2019-10209",
    "datePublished": "2019-10-29T13:11:45",
    "dateReserved": "2019-03-27T00:00:00",
    "dateUpdated": "2024-08-04T22:17:20.096Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-10211 (GCVE-0-2019-10211)

Vulnerability from cvelistv5

Published

2019-10-29 13:15

Modified

2024-08-04 22:17

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-94

Summary

Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code from unprotected directory.

References

►

URL

Tags

	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10211	x_refsource_CONFIRM
	https://www.postgresql.org/about/news/1960/	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	PostgreSQL	postgresql	Version: all 11.x before 11.5 Version: all 10.x before 10.10 Version: all 9.6.x before 9.6.15 Version: all 9.5.x before 9.5.19 Version: all 9.4.x before 9.4.24

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:17:18.944Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10211"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.postgresql.org/about/news/1960/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "postgresql",
          "vendor": "PostgreSQL",
          "versions": [
            {
              "status": "affected",
              "version": "all 11.x before 11.5"
            },
            {
              "status": "affected",
              "version": "all 10.x before 10.10"
            },
            {
              "status": "affected",
              "version": "all 9.6.x before 9.6.15"
            },
            {
              "status": "affected",
              "version": "all 9.5.x before 9.5.19"
            },
            {
              "status": "affected",
              "version": "all 9.4.x before 9.4.24"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code from unprotected directory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-29T13:15:40",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10211"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.postgresql.org/about/news/1960/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2019-10211",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "postgresql",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "all 11.x before 11.5"
                          },
                          {
                            "version_value": "all 10.x before 10.10"
                          },
                          {
                            "version_value": "all 9.6.x before 9.6.15"
                          },
                          {
                            "version_value": "all 9.5.x before 9.5.19"
                          },
                          {
                            "version_value": "all 9.4.x before 9.4.24"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "PostgreSQL"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code from unprotected directory."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "7.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-94"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10211",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10211"
            },
            {
              "name": "https://www.postgresql.org/about/news/1960/",
              "refsource": "CONFIRM",
              "url": "https://www.postgresql.org/about/news/1960/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2019-10211",
    "datePublished": "2019-10-29T13:15:40",
    "dateReserved": "2019-03-27T00:00:00",
    "dateUpdated": "2024-08-04T22:17:18.944Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-10208 (GCVE-0-2019-10208)

Vulnerability from cvelistv5

Published

2019-10-29 13:13

Modified

2024-08-04 22:17

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-89

Summary

A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function.

References

►

URL

Tags

	https://www.postgresql.org/about/news/1960/	x_refsource_MISC
	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10208	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	PostgreSQL	postgresql	Version: all 11.x before 11.5 Version: all 10.x before 10.10 Version: all 9.6.x before 9.6.15 Version: all 9.5.x before 9.5.19 Version: all 9.4.x before 9.4.24

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:17:18.925Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.postgresql.org/about/news/1960/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10208"
          },
          {
            "name": "openSUSE-SU-2020:1227",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "postgresql",
          "vendor": "PostgreSQL",
          "versions": [
            {
              "status": "affected",
              "version": "all 11.x before 11.5"
            },
            {
              "status": "affected",
              "version": "all 10.x before 10.10"
            },
            {
              "status": "affected",
              "version": "all 9.6.x before 9.6.15"
            },
            {
              "status": "affected",
              "version": "all 9.5.x before 9.5.19"
            },
            {
              "status": "affected",
              "version": "all 9.4.x before 9.4.24"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-17T17:06:11",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.postgresql.org/about/news/1960/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10208"
        },
        {
          "name": "openSUSE-SU-2020:1227",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2019-10208",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "postgresql",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "all 11.x before 11.5"
                          },
                          {
                            "version_value": "all 10.x before 10.10"
                          },
                          {
                            "version_value": "all 9.6.x before 9.6.15"
                          },
                          {
                            "version_value": "all 9.5.x before 9.5.19"
                          },
                          {
                            "version_value": "all 9.4.x before 9.4.24"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "PostgreSQL"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "7.5/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-89"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.postgresql.org/about/news/1960/",
              "refsource": "MISC",
              "url": "https://www.postgresql.org/about/news/1960/"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10208",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10208"
            },
            {
              "name": "openSUSE-SU-2020:1227",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2019-10208",
    "datePublished": "2019-10-29T13:13:12",
    "dateReserved": "2019-03-27T00:00:00",
    "dateUpdated": "2024-08-04T22:17:18.925Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-7547 (GCVE-0-2017-7547)

Vulnerability from cvelistv5

Published

2017-08-16 18:00

Modified

2024-09-16 23:41

Severity ?

CWE

CWE-522

Summary

PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so.

References

►

URL

Tags

	https://access.redhat.com/errata/RHSA-2017:2728	vendor-advisory, x_refsource_REDHAT
	http://www.debian.org/security/2017/dsa-3936	vendor-advisory, x_refsource_DEBIAN
	https://access.redhat.com/errata/RHSA-2017:2678	vendor-advisory, x_refsource_REDHAT
	http://www.debian.org/security/2017/dsa-3935	vendor-advisory, x_refsource_DEBIAN
	http://www.securitytracker.com/id/1039142	vdb-entry, x_refsource_SECTRACK
	https://www.postgresql.org/about/news/1772/	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201710-06	vendor-advisory, x_refsource_GENTOO
	http://www.securityfocus.com/bid/100275	vdb-entry, x_refsource_BID
	https://access.redhat.com/errata/RHSA-2017:2677	vendor-advisory, x_refsource_REDHAT

Impacted products

	Vendor	Product	Version
	PostgreSQL	postgresql	Version: 9.2.x before 9.2.22 Version: 9.3.x before 9.3.18 Version: 9.4.x before 9.4.13 Version: 9.5.x before 9.5.8 Version: 9.6.x before 9.6.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:04:11.996Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:2728",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2728"
          },
          {
            "name": "DSA-3936",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3936"
          },
          {
            "name": "RHSA-2017:2678",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2678"
          },
          {
            "name": "DSA-3935",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3935"
          },
          {
            "name": "1039142",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039142"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.postgresql.org/about/news/1772/"
          },
          {
            "name": "GLSA-201710-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201710-06"
          },
          {
            "name": "100275",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100275"
          },
          {
            "name": "RHSA-2017:2677",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2677"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "postgresql",
          "vendor": "PostgreSQL",
          "versions": [
            {
              "status": "affected",
              "version": "9.2.x before 9.2.22"
            },
            {
              "status": "affected",
              "version": "9.3.x before 9.3.18"
            },
            {
              "status": "affected",
              "version": "9.4.x before 9.4.13"
            },
            {
              "status": "affected",
              "version": "9.5.x before 9.5.8"
            },
            {
              "status": "affected",
              "version": "9.6.x before 9.6.4"
            }
          ]
        }
      ],
      "datePublic": "2017-08-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-522",
              "description": "CWE-522",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-30T10:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2017:2728",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2728"
        },
        {
          "name": "DSA-3936",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3936"
        },
        {
          "name": "RHSA-2017:2678",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2678"
        },
        {
          "name": "DSA-3935",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3935"
        },
        {
          "name": "1039142",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039142"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.postgresql.org/about/news/1772/"
        },
        {
          "name": "GLSA-201710-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201710-06"
        },
        {
          "name": "100275",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100275"
        },
        {
          "name": "RHSA-2017:2677",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2677"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "DATE_PUBLIC": "2017-08-10T00:00:00",
          "ID": "CVE-2017-7547",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "postgresql",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.2.x before 9.2.22"
                          },
                          {
                            "version_value": "9.3.x before 9.3.18"
                          },
                          {
                            "version_value": "9.4.x before 9.4.13"
                          },
                          {
                            "version_value": "9.5.x before 9.5.8"
                          },
                          {
                            "version_value": "9.6.x before 9.6.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "PostgreSQL"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-522"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:2728",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2728"
            },
            {
              "name": "DSA-3936",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3936"
            },
            {
              "name": "RHSA-2017:2678",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2678"
            },
            {
              "name": "DSA-3935",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3935"
            },
            {
              "name": "1039142",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039142"
            },
            {
              "name": "https://www.postgresql.org/about/news/1772/",
              "refsource": "CONFIRM",
              "url": "https://www.postgresql.org/about/news/1772/"
            },
            {
              "name": "GLSA-201710-06",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201710-06"
            },
            {
              "name": "100275",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100275"
            },
            {
              "name": "RHSA-2017:2677",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2677"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2017-7547",
    "datePublished": "2017-08-16T18:00:00Z",
    "dateReserved": "2017-04-05T00:00:00",
    "dateUpdated": "2024-09-16T23:41:38.650Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-7546 (GCVE-0-2017-7546)

Vulnerability from cvelistv5

Published

2017-08-16 18:00

Modified

2024-09-16 17:18

Severity ?

CWE

CWE-287

Summary

PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password.

References

►

URL

Tags

	https://access.redhat.com/errata/RHSA-2017:2728	vendor-advisory, x_refsource_REDHAT
	http://www.debian.org/security/2017/dsa-3936	vendor-advisory, x_refsource_DEBIAN
	https://access.redhat.com/errata/RHSA-2017:2678	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:2860	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/100278	vdb-entry, x_refsource_BID
	http://www.debian.org/security/2017/dsa-3935	vendor-advisory, x_refsource_DEBIAN
	http://www.securitytracker.com/id/1039142	vdb-entry, x_refsource_SECTRACK
	https://www.postgresql.org/about/news/1772/	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201710-06	vendor-advisory, x_refsource_GENTOO
	https://access.redhat.com/errata/RHSA-2017:2677	vendor-advisory, x_refsource_REDHAT

Impacted products

	Vendor	Product	Version
	PostgreSQL	postgresql	Version: 9.2.x before 9.2.22 Version: 9.3.x before 9.3.18 Version: 9.4.x before 9.4.13 Version: 9.5.x before 9.5.8 Version: 9.6.x before 9.6.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:04:12.029Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:2728",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2728"
          },
          {
            "name": "DSA-3936",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3936"
          },
          {
            "name": "RHSA-2017:2678",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2678"
          },
          {
            "name": "RHSA-2017:2860",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2860"
          },
          {
            "name": "100278",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100278"
          },
          {
            "name": "DSA-3935",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3935"
          },
          {
            "name": "1039142",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039142"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.postgresql.org/about/news/1772/"
          },
          {
            "name": "GLSA-201710-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201710-06"
          },
          {
            "name": "RHSA-2017:2677",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2677"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "postgresql",
          "vendor": "PostgreSQL",
          "versions": [
            {
              "status": "affected",
              "version": "9.2.x before 9.2.22"
            },
            {
              "status": "affected",
              "version": "9.3.x before 9.3.18"
            },
            {
              "status": "affected",
              "version": "9.4.x before 9.4.13"
            },
            {
              "status": "affected",
              "version": "9.5.x before 9.5.8"
            },
            {
              "status": "affected",
              "version": "9.6.x before 9.6.4"
            }
          ]
        }
      ],
      "datePublic": "2017-08-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-30T10:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2017:2728",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2728"
        },
        {
          "name": "DSA-3936",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3936"
        },
        {
          "name": "RHSA-2017:2678",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2678"
        },
        {
          "name": "RHSA-2017:2860",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2860"
        },
        {
          "name": "100278",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100278"
        },
        {
          "name": "DSA-3935",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3935"
        },
        {
          "name": "1039142",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039142"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.postgresql.org/about/news/1772/"
        },
        {
          "name": "GLSA-201710-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201710-06"
        },
        {
          "name": "RHSA-2017:2677",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2677"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "DATE_PUBLIC": "2017-08-10T00:00:00",
          "ID": "CVE-2017-7546",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "postgresql",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.2.x before 9.2.22"
                          },
                          {
                            "version_value": "9.3.x before 9.3.18"
                          },
                          {
                            "version_value": "9.4.x before 9.4.13"
                          },
                          {
                            "version_value": "9.5.x before 9.5.8"
                          },
                          {
                            "version_value": "9.6.x before 9.6.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "PostgreSQL"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:2728",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2728"
            },
            {
              "name": "DSA-3936",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3936"
            },
            {
              "name": "RHSA-2017:2678",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2678"
            },
            {
              "name": "RHSA-2017:2860",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2860"
            },
            {
              "name": "100278",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100278"
            },
            {
              "name": "DSA-3935",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3935"
            },
            {
              "name": "1039142",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039142"
            },
            {
              "name": "https://www.postgresql.org/about/news/1772/",
              "refsource": "CONFIRM",
              "url": "https://www.postgresql.org/about/news/1772/"
            },
            {
              "name": "GLSA-201710-06",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201710-06"
            },
            {
              "name": "RHSA-2017:2677",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2677"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2017-7546",
    "datePublished": "2017-08-16T18:00:00Z",
    "dateReserved": "2017-04-05T00:00:00",
    "dateUpdated": "2024-09-16T17:18:53.123Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-7548 (GCVE-0-2017-7548)

Vulnerability from cvelistv5

Published

2017-08-16 18:00

Modified

2024-09-16 16:18

Severity ?

CWE

CWE-862

Summary

PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents of the object, resulting in a denial of service.

References

►

URL

Tags

	http://www.debian.org/security/2017/dsa-3936	vendor-advisory, x_refsource_DEBIAN
	https://access.redhat.com/errata/RHSA-2017:2678	vendor-advisory, x_refsource_REDHAT
	http://www.debian.org/security/2017/dsa-3935	vendor-advisory, x_refsource_DEBIAN
	http://www.securitytracker.com/id/1039142	vdb-entry, x_refsource_SECTRACK
	https://www.postgresql.org/about/news/1772/	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/100276	vdb-entry, x_refsource_BID
	https://security.gentoo.org/glsa/201710-06	vendor-advisory, x_refsource_GENTOO
	https://access.redhat.com/errata/RHSA-2017:2677	vendor-advisory, x_refsource_REDHAT

Impacted products

	Vendor	Product	Version
	PostgreSQL	postgresql	Version: 9.4.x before 9.4.13 Version: 9.5.x before 9.5.8 Version: 9.6.x before 9.6.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:04:12.013Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-3936",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3936"
          },
          {
            "name": "RHSA-2017:2678",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2678"
          },
          {
            "name": "DSA-3935",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3935"
          },
          {
            "name": "1039142",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039142"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.postgresql.org/about/news/1772/"
          },
          {
            "name": "100276",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100276"
          },
          {
            "name": "GLSA-201710-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201710-06"
          },
          {
            "name": "RHSA-2017:2677",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2677"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "postgresql",
          "vendor": "PostgreSQL",
          "versions": [
            {
              "status": "affected",
              "version": "9.4.x before 9.4.13"
            },
            {
              "status": "affected",
              "version": "9.5.x before 9.5.8"
            },
            {
              "status": "affected",
              "version": "9.6.x before 9.6.4"
            }
          ]
        }
      ],
      "datePublic": "2017-08-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents of the object, resulting in a denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-30T10:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "DSA-3936",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3936"
        },
        {
          "name": "RHSA-2017:2678",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2678"
        },
        {
          "name": "DSA-3935",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3935"
        },
        {
          "name": "1039142",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039142"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.postgresql.org/about/news/1772/"
        },
        {
          "name": "100276",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100276"
        },
        {
          "name": "GLSA-201710-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201710-06"
        },
        {
          "name": "RHSA-2017:2677",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2677"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "DATE_PUBLIC": "2017-08-10T00:00:00",
          "ID": "CVE-2017-7548",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "postgresql",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.4.x before 9.4.13"
                          },
                          {
                            "version_value": "9.5.x before 9.5.8"
                          },
                          {
                            "version_value": "9.6.x before 9.6.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "PostgreSQL"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents of the object, resulting in a denial of service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-862"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-3936",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3936"
            },
            {
              "name": "RHSA-2017:2678",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2678"
            },
            {
              "name": "DSA-3935",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3935"
            },
            {
              "name": "1039142",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039142"
            },
            {
              "name": "https://www.postgresql.org/about/news/1772/",
              "refsource": "CONFIRM",
              "url": "https://www.postgresql.org/about/news/1772/"
            },
            {
              "name": "100276",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100276"
            },
            {
              "name": "GLSA-201710-06",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201710-06"
            },
            {
              "name": "RHSA-2017:2677",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2677"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2017-7548",
    "datePublished": "2017-08-16T18:00:00Z",
    "dateReserved": "2017-04-05T00:00:00",
    "dateUpdated": "2024-09-16T16:18:38.892Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-10164 (GCVE-0-2019-10164)

Vulnerability from cvelistv5

Published

2019-06-26 15:29

Modified

2024-08-04 22:10

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-121

Summary

PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account.

References

►

URL

Tags

	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10164	x_refsource_CONFIRM
	https://www.postgresql.org/about/news/1949/	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00035.html	vendor-advisory, x_refsource_SUSE
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MAGE6H4FWLKFLHLWVYNPYGQRPIXTUWGB/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TTKEHXGDXYYD6WYDIIQJP4GDQJSENDJK/	vendor-advisory, x_refsource_FEDORA
	https://security.gentoo.org/glsa/202003-03	vendor-advisory, x_refsource_GENTOO

Impacted products

	Vendor	Product	Version
	PostgreSQL	PostgreSQL	Version: 10.9 Version: 11.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:10:10.043Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10164"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.postgresql.org/about/news/1949/"
          },
          {
            "name": "openSUSE-SU-2019:1773",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00035.html"
          },
          {
            "name": "FEDORA-2019-9f04a701c0",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MAGE6H4FWLKFLHLWVYNPYGQRPIXTUWGB/"
          },
          {
            "name": "FEDORA-2019-e43f49b428",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TTKEHXGDXYYD6WYDIIQJP4GDQJSENDJK/"
          },
          {
            "name": "GLSA-202003-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202003-03"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PostgreSQL",
          "vendor": "PostgreSQL",
          "versions": [
            {
              "status": "affected",
              "version": "10.9"
            },
            {
              "status": "affected",
              "version": "11.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user\u0027s own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-12T21:06:08",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10164"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.postgresql.org/about/news/1949/"
        },
        {
          "name": "openSUSE-SU-2019:1773",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00035.html"
        },
        {
          "name": "FEDORA-2019-9f04a701c0",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MAGE6H4FWLKFLHLWVYNPYGQRPIXTUWGB/"
        },
        {
          "name": "FEDORA-2019-e43f49b428",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TTKEHXGDXYYD6WYDIIQJP4GDQJSENDJK/"
        },
        {
          "name": "GLSA-202003-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202003-03"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2019-10164",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PostgreSQL",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.9"
                          },
                          {
                            "version_value": "11.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "PostgreSQL"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user\u0027s own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "7.5/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-121"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10164",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10164"
            },
            {
              "name": "https://www.postgresql.org/about/news/1949/",
              "refsource": "MISC",
              "url": "https://www.postgresql.org/about/news/1949/"
            },
            {
              "name": "openSUSE-SU-2019:1773",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00035.html"
            },
            {
              "name": "FEDORA-2019-9f04a701c0",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MAGE6H4FWLKFLHLWVYNPYGQRPIXTUWGB/"
            },
            {
              "name": "FEDORA-2019-e43f49b428",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TTKEHXGDXYYD6WYDIIQJP4GDQJSENDJK/"
            },
            {
              "name": "GLSA-202003-03",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202003-03"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2019-10164",
    "datePublished": "2019-06-26T15:29:13",
    "dateReserved": "2019-03-27T00:00:00",
    "dateUpdated": "2024-08-04T22:10:10.043Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerabilites related to PostgreSQL - PostgreSQL

CVE-2019-10210 (GCVE-0-2019-10210)

Vulnerability from cvelistv5

CVE-2019-10209 (GCVE-0-2019-10209)

Vulnerability from cvelistv5

CVE-2019-10211 (GCVE-0-2019-10211)

Vulnerability from cvelistv5

CVE-2019-10208 (GCVE-0-2019-10208)

Vulnerability from cvelistv5

CVE-2017-7547 (GCVE-0-2017-7547)

Vulnerability from cvelistv5

CVE-2017-7546 (GCVE-0-2017-7546)

Vulnerability from cvelistv5

CVE-2017-7548 (GCVE-0-2017-7548)

Vulnerability from cvelistv5

CVE-2019-10164 (GCVE-0-2019-10164)

Vulnerability from cvelistv5