CVE-2014-8161

PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
Affected Products (NVD)
VendorProductVersion
postgresqlpostgresql
𝑥
< 9.0.19
postgresqlpostgresql
9.1.0 ≤
𝑥
< 9.1.15
postgresqlpostgresql
9.2.0 ≤
𝑥
< 9.2.10
postgresqlpostgresql
9.3.0 ≤
𝑥
< 9.3.6
postgresqlpostgresql
9.4.0 ≤
𝑥
< 9.4.1
debiandebian_linux
7.0
debiandebian_linux
8.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
postgresql-8.4
lucid
Fixed 8.4.22-0ubuntu0.10.04.1
released
precise
ignored
trusty
dne
utopic
dne
vivid
dne
wily
dne
xenial
dne
yakkety
dne
zesty
dne
postgresql-9.1
lucid
dne
precise
Fixed 9.1.15-0ubuntu0.12.04
released
trusty
Fixed 9.1.15-0ubuntu0.14.04
released
utopic
dne
vivid
dne
wily
dne
xenial
dne
yakkety
dne
zesty
dne
postgresql-9.3
lucid
dne
precise
dne
trusty
Fixed 9.3.6-0ubuntu0.14.04
released
utopic
dne
vivid
dne
wily
dne
xenial
dne
yakkety
dne
zesty
dne
postgresql-9.4
lucid
dne
precise
dne
trusty
dne
utopic
Fixed 9.4.1-0ubuntu0.14.10
released
vivid
not-affected
wily
not-affected
xenial
dne
yakkety
dne
zesty
dne
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
postgresql
RHEL 6
0:8.4.20-2.el6_6
fixed
RHEL 7
0:9.2.10-2.el7_1
fixed
postgresql-contrib
RHEL 6
0:8.4.20-2.el6_6
fixed
RHEL 7
0:9.2.10-2.el7_1
fixed
postgresql-devel
RHEL 6
0:8.4.20-2.el6_6
fixed
RHEL 7
0:9.2.10-2.el7_1
fixed
postgresql-docs
RHEL 6
0:8.4.20-2.el6_6
fixed
RHEL 7
0:9.2.10-2.el7_1
fixed
postgresql-libs
RHEL 6
0:8.4.20-2.el6_6
fixed
RHEL 7
0:9.2.10-2.el7_1
fixed
postgresql-plperl
RHEL 6
0:8.4.20-2.el6_6
fixed
RHEL 7
0:9.2.10-2.el7_1
fixed
postgresql-plpython
RHEL 6
0:8.4.20-2.el6_6
fixed
RHEL 7
0:9.2.10-2.el7_1
fixed
postgresql-pltcl
RHEL 6
0:8.4.20-2.el6_6
fixed
RHEL 7
0:9.2.10-2.el7_1
fixed
postgresql-server
RHEL 6
0:8.4.20-2.el6_6
fixed
RHEL 7
0:9.2.10-2.el7_1
fixed
postgresql-test
RHEL 6
0:8.4.20-2.el6_6
fixed
RHEL 7
0:9.2.10-2.el7_1
fixed
postgresql-upgrade
RHEL 7
0:9.2.10-2.el7_1
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
postgresql8
Amazon Linux 1
0:8.4.20-2.48.amzn1
fixed
postgresql8-contrib
Amazon Linux 1
0:8.4.20-2.48.amzn1
fixed
postgresql8-debuginfo
Amazon Linux 1
0:8.4.20-2.48.amzn1
fixed
postgresql8-devel
Amazon Linux 1
0:8.4.20-2.48.amzn1
fixed
postgresql8-docs
Amazon Linux 1
0:8.4.20-2.48.amzn1
fixed
postgresql8-libs
Amazon Linux 1
0:8.4.20-2.48.amzn1
fixed
postgresql8-plperl
Amazon Linux 1
0:8.4.20-2.48.amzn1
fixed
postgresql8-plpython
Amazon Linux 1
0:8.4.20-2.48.amzn1
fixed
postgresql8-pltcl
Amazon Linux 1
0:8.4.20-2.48.amzn1
fixed
postgresql8-server
Amazon Linux 1
0:8.4.20-2.48.amzn1
fixed
postgresql8-test
Amazon Linux 1
0:8.4.20-2.48.amzn1
fixed
postgresql92
Amazon Linux 1
0:9.2.10-1.49.amzn1
fixed
postgresql92-contrib
Amazon Linux 1
0:9.2.10-1.49.amzn1
fixed
postgresql92-debuginfo
Amazon Linux 1
0:9.2.10-1.49.amzn1
fixed
postgresql92-devel
Amazon Linux 1
0:9.2.10-1.49.amzn1
fixed
postgresql92-docs
Amazon Linux 1
0:9.2.10-1.49.amzn1
fixed
postgresql92-libs
Amazon Linux 1
0:9.2.10-1.49.amzn1
fixed
postgresql92-plperl
Amazon Linux 1
0:9.2.10-1.49.amzn1
fixed
postgresql92-plpython
Amazon Linux 1
0:9.2.10-1.49.amzn1
fixed
postgresql92-pltcl
Amazon Linux 1
0:9.2.10-1.49.amzn1
fixed
postgresql92-server
Amazon Linux 1
0:9.2.10-1.49.amzn1
fixed
postgresql92-server-compat
Amazon Linux 1
0:9.2.10-1.49.amzn1
fixed
postgresql92-test
Amazon Linux 1
0:9.2.10-1.49.amzn1
fixed