Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2018-10915

Good to know:

icon

Date: August 9, 2018

A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction. Postgresql versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 are affected.

Language: C

Severity Score

Related Resources (22)

https://www.postgresql.org/about/news/1878/
https://access.redhat.com/errata/RHSA-2018:2729
http://www.securityfocus.com/bid/105054
https://usn.ubuntu.com/3744-1/
https://lists.debian.org/debian-lts-announce/2018/08/msg00012.html
https://access.redhat.com/errata/RHSA-2018:3816
https://security-tracker.debian.org/tracker/CVE-2018-10915
https://access.redhat.com/errata/RHSA-2018:2557
https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10915
https://www.debian.org/security/2018/dsa-4269
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html
https://security.gentoo.org/glsa/201810-08
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10915
https://access.redhat.com/security/cve/CVE-2018-10915
https://nvd.nist.gov/vuln/detail/CVE-2018-10915
https://access.redhat.com/errata/RHSA-2018:2643
https://access.redhat.com/errata/RHSA-2018:2511
https://access.redhat.com/errata/RHSA-2018:2566
https://access.redhat.com/errata/RHSA-2018:2721
https://access.redhat.com/errata/RHSA-2018:2565
http://www.securitytracker.com/id/1041446
https://www.mend.io/vulnerability-database/CVE-2018-10915

Severity Score

Weakness Type (CWE)

Input Validation

CWE-20

SQL Injection

CWE-89

Top Fix

icon

Upgrade Version

Upgrade to version 10.5,9.6.10, 9.5.14, 9.4.19,9.3.24

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): SINGLE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us