CVE-2009-2943

Published: Oct 22, 2009Modified: Apr 23, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

The postgresql-ocaml bindings 1.5.4, 1.7.0, and 1.12.1 for PostgreSQL libpq do not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.

Affected (3)

Products: Ocaml: Postgresql Ocaml

Ocaml

1 product

Postgresql Ocaml

Configuration A

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ocaml Postgresql Ocaml	Version 1.12.1
Ocaml Postgresql Ocaml	Version 1.5.4
Ocaml Postgresql Ocaml	Version 1.7.0

Running on/with	Platform Versions
Postgresql Postgresql	All versions

References (6)

http://secunia.com/advisories/37048

Source: cve@mitre.org

Vendor Advisory

http://www.debian.org/security/2009/dsa-1909

Source: cve@mitre.org

Patch

http://www.osvdb.org/59029

Source: cve@mitre.org

http://secunia.com/advisories/37048

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.debian.org/security/2009/dsa-1909

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.osvdb.org/59029

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.