Home CVE Database CVE-2018-10915

CVE-2018-10915

Description

A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with host or hostaddr connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction. Postgresql versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 are affected.

Priority: MEDIUM
CVSS v3: 7.5
Publish Date: Aug 9, 2018
Related ID: --
CVSS v2: HIGH
Modified Date: Aug 9, 2018

Find out more about CVE-2018-10915 from the MITRE-CVE dictionary and NIST NVD


Products Affected

Login may be required to access defects or downloads.

Related Products

Product Name Status Defect Fixed Downloads
Linux 7 SCP Not Vulnerable -- -- --
Linux 7 CGP Not Vulnerable -- -- --

Comments

postgresql

Live chat
Online