CVE-2013-1900

EUVD-2013-1896
PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the "contrib/pgcrypto functions."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.5 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
Affected Products (NVD)
VendorProductVersion
postgresqlpostgresql
9.2
postgresqlpostgresql
9.2.1
postgresqlpostgresql
9.2.2
postgresqlpostgresql
9.2.3
postgresqlpostgresql
9.1
postgresqlpostgresql
9.1.1
postgresqlpostgresql
9.1.2
postgresqlpostgresql
9.1.3
postgresqlpostgresql
9.1.4
postgresqlpostgresql
9.1.5
postgresqlpostgresql
9.1.6
postgresqlpostgresql
9.1.7
postgresqlpostgresql
9.1.8
postgresqlpostgresql
9.0
postgresqlpostgresql
9.0.1
postgresqlpostgresql
9.0.2
postgresqlpostgresql
9.0.3
postgresqlpostgresql
9.0.4
postgresqlpostgresql
9.0.5
postgresqlpostgresql
9.0.6
postgresqlpostgresql
9.0.7
postgresqlpostgresql
9.0.8
postgresqlpostgresql
9.0.9
postgresqlpostgresql
9.0.10
postgresqlpostgresql
9.0.11
postgresqlpostgresql
9.0.12
postgresqlpostgresql
8.4
postgresqlpostgresql
8.4.1
postgresqlpostgresql
8.4.2
postgresqlpostgresql
8.4.3
postgresqlpostgresql
8.4.4
postgresqlpostgresql
8.4.5
postgresqlpostgresql
8.4.6
postgresqlpostgresql
8.4.7
postgresqlpostgresql
8.4.8
postgresqlpostgresql
8.4.9
postgresqlpostgresql
8.4.10
postgresqlpostgresql
8.4.11
postgresqlpostgresql
8.4.12
postgresqlpostgresql
8.4.13
postgresqlpostgresql
8.4.14
postgresqlpostgresql
8.4.15
postgresqlpostgresql
8.4.16
canonicalubuntu_linux
8.04
canonicalubuntu_linux
10.04
canonicalubuntu_linux
11.10
canonicalubuntu_linux
12.04
canonicalubuntu_linux
12.10
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
postgresql-8.2
hardy
ignored
lucid
dne
oneiric
dne
precise
dne
quantal
dne
raring
dne
postgresql-8.3
hardy
Fixed 8.3.23-0ubuntu8.04.1
released
lucid
dne
oneiric
dne
precise
dne
quantal
dne
raring
dne
postgresql-8.4
hardy
dne
lucid
Fixed 8.4.17-0ubuntu10.04
released
oneiric
ignored
precise
Fixed 8.4.17-0ubuntu12.04
released
quantal
dne
raring
dne
postgresql-9.1
hardy
dne
lucid
dne
oneiric
Fixed 9.1.9-0ubuntu11.10
released
precise
Fixed 9.1.9-0ubuntu12.04
released
quantal
Fixed 9.1.9-0ubuntu12.10
released
raring
Fixed 9.1.9-1ubuntu1
released
Common Weakness Enumeration
References
http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
http://lists.apple.com/archives/security-announce/2013/Sep/msg00004.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101519.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102806.html
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00012.html
http://rhn.redhat.com/errata/RHSA-2013-1475.html
http://support.apple.com/kb/HT5880
http://support.apple.com/kb/HT5892
http://www.debian.org/security/2013/dsa-2657
http://www.debian.org/security/2013/dsa-2658
http://www.mandriva.com/security/advisories?name=MDVSA-2013:142
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.postgresql.org/about/news/1456/
http://www.postgresql.org/docs/current/static/release-8-4-17.html
http://www.postgresql.org/docs/current/static/release-9-0-13.html
http://www.postgresql.org/docs/current/static/release-9-1-9.html
http://www.postgresql.org/docs/current/static/release-9-2-4.html
http://www.ubuntu.com/usn/USN-1789-1
http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
http://lists.apple.com/archives/security-announce/2013/Sep/msg00004.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101519.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102806.html
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00012.html
http://rhn.redhat.com/errata/RHSA-2013-1475.html
http://support.apple.com/kb/HT5880
http://support.apple.com/kb/HT5892
http://www.debian.org/security/2013/dsa-2657
http://www.debian.org/security/2013/dsa-2658
http://www.mandriva.com/security/advisories?name=MDVSA-2013:142
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.postgresql.org/about/news/1456/
http://www.postgresql.org/docs/current/static/release-8-4-17.html
http://www.postgresql.org/docs/current/static/release-9-0-13.html
http://www.postgresql.org/docs/current/static/release-9-1-9.html
http://www.postgresql.org/docs/current/static/release-9-2-4.html
http://www.ubuntu.com/usn/USN-1789-1