CVE-2018-1058
02.03.2018, 15:29
A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| postgresql | postgresql | 9.3 ≤ 𝑥 < 9.3.22 |
| postgresql | postgresql | 9.4 ≤ 𝑥 < 9.4.17 |
| postgresql | postgresql | 9.5 ≤ 𝑥 < 9.5.12 |
| postgresql | postgresql | 9.6 ≤ 𝑥 < 9.6.8 |
| postgresql | postgresql | 10.0 ≤ 𝑥 < 10.3 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| redhat | cloudforms | 4.6 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Ubuntu Product | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| postgresql-10 |
| ||||||||||||
| postgresql-9.1 |
| ||||||||||||
| postgresql-9.3 |
| ||||||||||||
| postgresql-9.5 |
| ||||||||||||
| postgresql-9.6 |
|
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| libecpg6 |
| ||||||||||||||||||||||||
| libpq5 |
| ||||||||||||||||||||||||
| libpq5-32bit |
| ||||||||||||||||||||||||
| postgresql10 |
| ||||||||||||||||||||||||
| postgresql10-contrib |
| ||||||||||||||||||||||||
| postgresql10-devel |
| ||||||||||||||||||||||||
| postgresql10-docs |
| ||||||||||||||||||||||||
| postgresql10-plperl |
| ||||||||||||||||||||||||
| postgresql10-plpython |
| ||||||||||||||||||||||||
| postgresql10-pltcl |
| ||||||||||||||||||||||||
| postgresql10-server |
| ||||||||||||||||||||||||
| postgresql94 |
| ||||||||||||||||||||||||
| postgresql94-contrib |
| ||||||||||||||||||||||||
| postgresql94-docs |
| ||||||||||||||||||||||||
| postgresql94-server |
| ||||||||||||||||||||||||
| postgresql96 |
| ||||||||||||||||||||||||
| postgresql96-contrib |
| ||||||||||||||||||||||||
| postgresql96-docs |
| ||||||||||||||||||||||||
| postgresql96-server |
|
Amazon Linux Releases
Amazon Package | |||
|---|---|---|---|
| postgresql93 |
| ||
| postgresql93-contrib |
| ||
| postgresql93-debuginfo |
| ||
| postgresql93-devel |
| ||
| postgresql93-docs |
| ||
| postgresql93-libs |
| ||
| postgresql93-plperl |
| ||
| postgresql93-plpython26 |
| ||
| postgresql93-plpython27 |
| ||
| postgresql93-pltcl |
| ||
| postgresql93-server |
| ||
| postgresql93-test |
| ||
| postgresql94 |
| ||
| postgresql94-contrib |
| ||
| postgresql94-debuginfo |
| ||
| postgresql94-devel |
| ||
| postgresql94-docs |
| ||
| postgresql94-libs |
| ||
| postgresql94-plperl |
| ||
| postgresql94-plpython26 |
| ||
| postgresql94-plpython27 |
| ||
| postgresql94-server |
| ||
| postgresql94-test |
| ||
| postgresql95 |
| ||
| postgresql95-contrib |
| ||
| postgresql95-debuginfo |
| ||
| postgresql95-devel |
| ||
| postgresql95-docs |
| ||
| postgresql95-libs |
| ||
| postgresql95-plperl |
| ||
| postgresql95-plpython26 |
| ||
| postgresql95-plpython27 |
| ||
| postgresql95-server |
| ||
| postgresql95-static |
| ||
| postgresql95-test |
| ||
| postgresql96 |
| ||
| postgresql96-contrib |
| ||
| postgresql96-debuginfo |
| ||
| postgresql96-devel |
| ||
| postgresql96-docs |
| ||
| postgresql96-libs |
| ||
| postgresql96-plperl |
| ||
| postgresql96-plpython26 |
| ||
| postgresql96-plpython27 |
| ||
| postgresql96-server |
| ||
| postgresql96-static |
| ||
| postgresql96-test |
|
Common Weakness Enumeration
References