CVE-2016-5424

PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.1 HIGH
NETWORK
HIGH
LOW
CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 81%
VendorProductVersion
debiandebian_linux
8.0
postgresqlpostgresql
𝑥
≤ 9.1.22
postgresqlpostgresql
9.2
postgresqlpostgresql
9.2.1
postgresqlpostgresql
9.2.2
postgresqlpostgresql
9.2.3
postgresqlpostgresql
9.2.4
postgresqlpostgresql
9.2.5
postgresqlpostgresql
9.2.6
postgresqlpostgresql
9.2.7
postgresqlpostgresql
9.2.8
postgresqlpostgresql
9.2.9
postgresqlpostgresql
9.2.10
postgresqlpostgresql
9.2.11
postgresqlpostgresql
9.2.12
postgresqlpostgresql
9.2.13
postgresqlpostgresql
9.2.14
postgresqlpostgresql
9.2.15
postgresqlpostgresql
9.2.16
postgresqlpostgresql
9.2.17
postgresqlpostgresql
9.3
postgresqlpostgresql
9.3.1
postgresqlpostgresql
9.3.2
postgresqlpostgresql
9.3.3
postgresqlpostgresql
9.3.4
postgresqlpostgresql
9.3.5
postgresqlpostgresql
9.3.6
postgresqlpostgresql
9.3.7
postgresqlpostgresql
9.3.8
postgresqlpostgresql
9.3.9
postgresqlpostgresql
9.3.10
postgresqlpostgresql
9.3.11
postgresqlpostgresql
9.3.12
postgresqlpostgresql
9.3.13
postgresqlpostgresql
9.4
postgresqlpostgresql
9.4.1
postgresqlpostgresql
9.4.2
postgresqlpostgresql
9.4.3
postgresqlpostgresql
9.4.4
postgresqlpostgresql
9.4.5
postgresqlpostgresql
9.4.6
postgresqlpostgresql
9.4.7
postgresqlpostgresql
9.4.8
postgresqlpostgresql
9.5
postgresqlpostgresql
9.5.1
postgresqlpostgresql
9.5.2
postgresqlpostgresql
9.5.3
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
postgresql-8.4
zesty
dne
yakkety
dne
xenial
dne
trusty
dne
precise
ignored
postgresql-9.1
zesty
dne
yakkety
dne
xenial
dne
trusty
Fixed 9.1.23-0ubuntu0.14.04
released
precise
Fixed 9.1.23-0ubuntu0.12.04
released
postgresql-9.3
zesty
dne
yakkety
dne
xenial
dne
trusty
Fixed 9.3.14-0ubuntu0.14.04
released
precise
dne
postgresql-9.5
zesty
dne
yakkety
not-affected
xenial
Fixed 9.5.4-0ubuntu0.16.04
released
trusty
dne
precise
dne
Common Weakness Enumeration
References
http://rhn.redhat.com/errata/RHSA-2016-1781.html
http://rhn.redhat.com/errata/RHSA-2016-1820.html
http://rhn.redhat.com/errata/RHSA-2016-1821.html
http://rhn.redhat.com/errata/RHSA-2016-2606.html
http://www.debian.org/security/2016/dsa-3646
http://www.securityfocus.com/bid/92435
http://www.securitytracker.com/id/1036617
https://access.redhat.com/errata/RHSA-2017:2425
https://security.gentoo.org/glsa/201701-33
https://www.postgresql.org/about/news/1688/
https://www.postgresql.org/docs/current/static/release-9-1-23.html
https://www.postgresql.org/docs/current/static/release-9-2-18.html
https://www.postgresql.org/docs/current/static/release-9-3-14.html
https://www.postgresql.org/docs/current/static/release-9-4-9.html
https://www.postgresql.org/docs/current/static/release-9-5-4.html
http://rhn.redhat.com/errata/RHSA-2016-1781.html
http://rhn.redhat.com/errata/RHSA-2016-1820.html
http://rhn.redhat.com/errata/RHSA-2016-1821.html
http://rhn.redhat.com/errata/RHSA-2016-2606.html
http://www.debian.org/security/2016/dsa-3646
http://www.securityfocus.com/bid/92435
http://www.securitytracker.com/id/1036617
https://access.redhat.com/errata/RHSA-2017:2425
https://security.gentoo.org/glsa/201701-33
https://www.postgresql.org/about/news/1688/
https://www.postgresql.org/docs/current/static/release-9-1-23.html
https://www.postgresql.org/docs/current/static/release-9-2-18.html
https://www.postgresql.org/docs/current/static/release-9-3-14.html
https://www.postgresql.org/docs/current/static/release-9-4-9.html
https://www.postgresql.org/docs/current/static/release-9-5-4.html