CVE-2018-1058

Published: Mar 2, 2018Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected.

Affected (9)

Products: Postgresql: Postgresql · Canonical: Ubuntu Linux · Redhat: Cloudforms

1 product

1 product

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Postgresql Postgresql	From 10.0 to 10.3
Postgresql Postgresql	From 9.3 to 9.3.22
Postgresql Postgresql	From 9.4 to 9.4.17
Postgresql Postgresql	From 9.5 to 9.5.12
Postgresql Postgresql	From 9.6 to 9.6.8

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 17.10

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Cloudforms	Version 4.6

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (14)

http://www.securityfocus.com/bid/103221

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2018:2511

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2566

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3816

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1547044

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://usn.ubuntu.com/3589-1/

Source: secalert@redhat.com

Third Party Advisory

https://www.postgresql.org/about/news/1834/

Source: secalert@redhat.com

Vendor Advisory

http://www.securityfocus.com/bid/103221

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2018:2511

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2566

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3816

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1547044

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://usn.ubuntu.com/3589-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.postgresql.org/about/news/1834/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.