CVE-2018-10915
Published: Aug 9, 2018
Modified: Aug 5, 2024
CVSS v3.0
8.5
Description
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction. Postgresql versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 are affected.
| Vendor | Product | Versions |
|---|---|---|
PostgreSQL Global Development Group | postgresql | affected 10.5affected 9.6.10affected 9.5.14affected 9.4.19affected 9.3.24 |
CVSS v3.0 Details
CVSS v3.0 Vector
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now