CVE-2014-0061

The validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain privileges via a function that is (1) defined in another language or (2) not allowed to be directly called by the user due to permissions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
VendorProductVersion
postgresqlpostgresql
𝑥
≤ 8.4.19
postgresqlpostgresql
8.4.1
postgresqlpostgresql
8.4.2
postgresqlpostgresql
8.4.3
postgresqlpostgresql
8.4.4
postgresqlpostgresql
8.4.5
postgresqlpostgresql
8.4.6
postgresqlpostgresql
8.4.7
postgresqlpostgresql
8.4.8
postgresqlpostgresql
8.4.9
postgresqlpostgresql
8.4.10
postgresqlpostgresql
8.4.11
postgresqlpostgresql
8.4.12
postgresqlpostgresql
8.4.13
postgresqlpostgresql
8.4.14
postgresqlpostgresql
8.4.15
postgresqlpostgresql
8.4.16
postgresqlpostgresql
8.4.17
postgresqlpostgresql
8.4.18
postgresqlpostgresql
9.0
postgresqlpostgresql
9.0.1
postgresqlpostgresql
9.0.2
postgresqlpostgresql
9.0.3
postgresqlpostgresql
9.0.4
postgresqlpostgresql
9.0.5
postgresqlpostgresql
9.0.6
postgresqlpostgresql
9.0.7
postgresqlpostgresql
9.0.8
postgresqlpostgresql
9.0.9
postgresqlpostgresql
9.0.10
postgresqlpostgresql
9.0.11
postgresqlpostgresql
9.0.12
postgresqlpostgresql
9.0.13
postgresqlpostgresql
9.0.14
postgresqlpostgresql
9.0.15
postgresqlpostgresql
9.1
postgresqlpostgresql
9.1.1
postgresqlpostgresql
9.1.2
postgresqlpostgresql
9.1.3
postgresqlpostgresql
9.1.4
postgresqlpostgresql
9.1.5
postgresqlpostgresql
9.1.6
postgresqlpostgresql
9.1.7
postgresqlpostgresql
9.1.8
postgresqlpostgresql
9.1.9
postgresqlpostgresql
9.1.10
postgresqlpostgresql
9.1.11
postgresqlpostgresql
9.2
postgresqlpostgresql
9.2.1
postgresqlpostgresql
9.2.2
postgresqlpostgresql
9.2.3
postgresqlpostgresql
9.2.4
postgresqlpostgresql
9.2.5
postgresqlpostgresql
9.2.6
postgresqlpostgresql
9.3
postgresqlpostgresql
9.3.1
postgresqlpostgresql
9.3.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
postgresql-plsh
bullseye
1.20200522-2
fixed
wheezy
no-dsa
squeeze
no-dsa
bookworm
1.20220917-1
fixed
sid
1.20220917-3
fixed
trixie
1.20220917-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
postgresql-8.4
utopic
dne
trusty
dne
saucy
dne
quantal
dne
precise
Fixed 8.4.22-0ubuntu0.12.04
released
lucid
Fixed 8.4.20-0ubuntu010.04
released
postgresql-9.1
utopic
dne
trusty
Fixed 9.1.12-1
released
saucy
Fixed 9.1.12-0ubuntu0.13.10
released
quantal
Fixed 9.1.12-0ubuntu0.12.10
released
precise
Fixed 9.1.12-0ubuntu0.12.04
released
lucid
dne
postgresql-9.3
utopic
dne
trusty
Fixed 9.3.3-1
released
saucy
dne
quantal
dne
precise
dne
lucid
dne
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://lists.opensuse.org/opensuse-updates/2014-03/msg00018.html
http://lists.opensuse.org/opensuse-updates/2014-03/msg00038.html
http://rhn.redhat.com/errata/RHSA-2014-0211.html
http://rhn.redhat.com/errata/RHSA-2014-0221.html
http://rhn.redhat.com/errata/RHSA-2014-0249.html
http://rhn.redhat.com/errata/RHSA-2014-0469.html
http://secunia.com/advisories/61307
http://support.apple.com/kb/HT6448
http://wiki.postgresql.org/wiki/20140220securityrelease
http://www.debian.org/security/2014/dsa-2864
http://www.debian.org/security/2014/dsa-2865
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.postgresql.org/about/news/1506/
http://www.ubuntu.com/usn/USN-2120-1
https://support.apple.com/kb/HT6536
http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://lists.opensuse.org/opensuse-updates/2014-03/msg00018.html
http://lists.opensuse.org/opensuse-updates/2014-03/msg00038.html
http://rhn.redhat.com/errata/RHSA-2014-0211.html
http://rhn.redhat.com/errata/RHSA-2014-0221.html
http://rhn.redhat.com/errata/RHSA-2014-0249.html
http://rhn.redhat.com/errata/RHSA-2014-0469.html
http://secunia.com/advisories/61307
http://support.apple.com/kb/HT6448
http://wiki.postgresql.org/wiki/20140220securityrelease
http://www.debian.org/security/2014/dsa-2864
http://www.debian.org/security/2014/dsa-2865
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.postgresql.org/about/news/1506/
http://www.ubuntu.com/usn/USN-2120-1
https://support.apple.com/kb/HT6536