QwikSec

Security Database

CVE

CWE

Training

CVE-2016-5423

Published: Dec 9, 2016

Modified: Aug 6, 2024

PUBLISHED

Description

PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain sensitive memory information, or possibly execute arbitrary code via (1) a CASE expression within the test value subexpression of another CASE or (2) inlining of an SQL function that implements the equality operator used for a CASE expression involving values of different types.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_REDHAT

https://www.postgresql.org/docs/current/static/release-9-4-9.html

x_refsource_CONFIRM

vdb-entry

x_refsource_SECTRACK

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_DEBIAN

vdb-entry

x_refsource_BID

vendor-advisory

x_refsource_GENTOO

vendor-advisory

x_refsource_REDHAT

https://www.postgresql.org/docs/current/static/release-9-5-4.html

x_refsource_CONFIRM

https://www.postgresql.org/docs/current/static/release-9-3-14.html

x_refsource_CONFIRM

https://www.postgresql.org/about/news/1688/

x_refsource_CONFIRM

https://www.postgresql.org/docs/current/static/release-9-2-18.html

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

https://www.postgresql.org/docs/current/static/release-9-1-23.html

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=1364001

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.