CVE-2014-8161

PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 72%
Affected Products (NVD)
VendorProductVersion
postgresqlpostgresql
𝑥
< 9.0.19
postgresqlpostgresql
9.1.0 ≤
𝑥
< 9.1.15
postgresqlpostgresql
9.2.0 ≤
𝑥
< 9.2.10
postgresqlpostgresql
9.3.0 ≤
𝑥
< 9.3.6
postgresqlpostgresql
9.4.0 ≤
𝑥
< 9.4.1
debiandebian_linux
7.0
debiandebian_linux
8.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
postgresql-8.4
lucid
Fixed 8.4.22-0ubuntu0.10.04.1
released
precise
ignored
trusty
dne
utopic
dne
vivid
dne
wily
dne
xenial
dne
yakkety
dne
zesty
dne
postgresql-9.1
lucid
dne
precise
Fixed 9.1.15-0ubuntu0.12.04
released
trusty
Fixed 9.1.15-0ubuntu0.14.04
released
utopic
dne
vivid
dne
wily
dne
xenial
dne
yakkety
dne
zesty
dne
postgresql-9.3
lucid
dne
precise
dne
trusty
Fixed 9.3.6-0ubuntu0.14.04
released
utopic
dne
vivid
dne
wily
dne
xenial
dne
yakkety
dne
zesty
dne
postgresql-9.4
lucid
dne
precise
dne
trusty
dne
utopic
Fixed 9.4.1-0ubuntu0.14.10
released
vivid
not-affected
wily
not-affected
xenial
dne
yakkety
dne
zesty
dne
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
postgresql
RHEL 6
0:8.4.20-2.el6_6
fixed
RHEL 7
0:9.2.10-2.el7_1
fixed
postgresql-contrib
RHEL 6
0:8.4.20-2.el6_6
fixed
RHEL 7
0:9.2.10-2.el7_1
fixed
postgresql-devel
RHEL 6
0:8.4.20-2.el6_6
fixed
RHEL 7
0:9.2.10-2.el7_1
fixed
postgresql-docs
RHEL 6
0:8.4.20-2.el6_6
fixed
RHEL 7
0:9.2.10-2.el7_1
fixed
postgresql-libs
RHEL 6
0:8.4.20-2.el6_6
fixed
RHEL 7
0:9.2.10-2.el7_1
fixed
postgresql-plperl
RHEL 6
0:8.4.20-2.el6_6
fixed
RHEL 7
0:9.2.10-2.el7_1
fixed
postgresql-plpython
RHEL 6
0:8.4.20-2.el6_6
fixed
RHEL 7
0:9.2.10-2.el7_1
fixed
postgresql-pltcl
RHEL 6
0:8.4.20-2.el6_6
fixed
RHEL 7
0:9.2.10-2.el7_1
fixed
postgresql-server
RHEL 6
0:8.4.20-2.el6_6
fixed
RHEL 7
0:9.2.10-2.el7_1
fixed
postgresql-test
RHEL 6
0:8.4.20-2.el6_6
fixed
RHEL 7
0:9.2.10-2.el7_1
fixed
postgresql-upgrade
RHEL 7
0:9.2.10-2.el7_1
fixed
Common Weakness Enumeration
References
http://www.debian.org/security/2015/dsa-3155
http://www.postgresql.org/about/news/1569/
http://www.postgresql.org/docs/9.4/static/release-9-4-1.html
http://www.postgresql.org/docs/current/static/release-9-0-19.html
http://www.postgresql.org/docs/current/static/release-9-1-15.html
http://www.postgresql.org/docs/current/static/release-9-2-10.html
http://www.postgresql.org/docs/current/static/release-9-3-6.html
http://www.debian.org/security/2015/dsa-3155
http://www.postgresql.org/about/news/1569/
http://www.postgresql.org/docs/9.4/static/release-9-4-1.html
http://www.postgresql.org/docs/current/static/release-9-0-19.html
http://www.postgresql.org/docs/current/static/release-9-1-15.html
http://www.postgresql.org/docs/current/static/release-9-2-10.html
http://www.postgresql.org/docs/current/static/release-9-3-6.html