CVE-2018-1058
EUVD-2018-1171102.03.2018, 15:29
A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| postgresql | postgresql | 9.3 ≤ 𝑥 < 9.3.22 |
| postgresql | postgresql | 9.4 ≤ 𝑥 < 9.4.17 |
| postgresql | postgresql | 9.5 ≤ 𝑥 < 9.5.12 |
| postgresql | postgresql | 9.6 ≤ 𝑥 < 9.6.8 |
| postgresql | postgresql | 10.0 ≤ 𝑥 < 10.3 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| redhat | cloudforms | 4.6 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Ubuntu Product | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| postgresql-10 |
| ||||||||||||
| postgresql-9.1 |
| ||||||||||||
| postgresql-9.3 |
| ||||||||||||
| postgresql-9.5 |
| ||||||||||||
| postgresql-9.6 |
|
Common Weakness Enumeration
References