CVE-2018-10915

09.08.2018, 20:29

A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction. Postgresql versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 are affected.

SQL Injection

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.5 HIGH	NETWORK	HIGH	LOW	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 82%

Affected Products (NVD)

Vendor	Product	Version
redhat	virtualization	4.0
redhat	enterprise_linux_desktop	7.0
redhat	enterprise_linux_server	7.0
redhat	enterprise_linux_server_eus	7.5
redhat	enterprise_linux_workstation	7.0
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
debian	debian_linux	8.0
debian	debian_linux	9.0
postgresql	postgresql	9.3.0 ≤ 𝑥 < 9.3.24
postgresql	postgresql	9.4.0 ≤ 𝑥 < 9.4.19
postgresql	postgresql	9.5.0 ≤ 𝑥 < 9.5.14
postgresql	postgresql	9.6.0 ≤ 𝑥 < 9.6.10
postgresql	postgresql	10.0 ≤ 𝑥 < 10.5

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

postgresql-10

bionic	Fixed 10.5-0ubuntu0.18.04 released
cosmic	not-affected
disco	dne
trusty	dne
xenial	dne

postgresql-9.1

bionic	dne
cosmic	dne
disco	dne
trusty	dne
xenial	dne

postgresql-9.3

bionic	dne
cosmic	dne
disco	dne
trusty	Fixed 9.3.24-0ubuntu0.14.04 released
xenial	dne

postgresql-9.5

bionic	dne
cosmic	dne
disco	dne
trusty	dne
xenial	Fixed 9.5.14-0ubuntu0.16.04 released

openSUSE / SLES Releases

openSUSE Product

Release

libecpg6

suse enterprise sap 15	10.5-4.5.1 fixed
suse enterprise sap 15 SP1	10.6-6.25 fixed
suse enterprise server 15	10.5-4.5.1 fixed
suse enterprise server 15 SP1	10.6-6.25 fixed

libpq5

suse enterprise desktop 15	10.5-4.5.1 fixed
suse enterprise desktop 15 SP1	10.6-6.25 fixed
suse enterprise sap 15	10.5-4.5.1 fixed
suse enterprise sap 15 SP1	10.6-6.25 fixed
suse enterprise server 15	10.5-4.5.1 fixed
suse enterprise server 15 SP1	10.6-6.25 fixed

postgresql10

suse enterprise desktop 15	10.5-4.5.1 fixed
suse enterprise desktop 15 SP1	10.6-6.26 fixed
suse enterprise sap 15	10.5-4.5.1 fixed
suse enterprise sap 15 SP1	10.6-6.26 fixed
suse enterprise sap 15 SP3	10.16-8.29.1 fixed
suse enterprise server 15	10.5-4.5.1 fixed
suse enterprise server 15 SP1	10.6-6.26 fixed
suse enterprise server 15 SP3	10.16-8.29.1 fixed

postgresql10-contrib

suse enterprise sap 15	10.5-4.5.1 fixed
suse enterprise sap 15 SP1	10.6-6.26 fixed
suse enterprise sap 15 SP2	10.12-8.13.10 fixed
suse enterprise sap 15 SP3	10.16-8.29.1 fixed
suse enterprise server 15	10.5-4.5.1 fixed
suse enterprise server 15 SP1	10.6-6.26 fixed
suse enterprise server 15 SP2	10.12-8.13.10 fixed
suse enterprise server 15 SP3	10.16-8.29.1 fixed

postgresql10-devel

suse enterprise sap 15	10.5-4.5.1 fixed
suse enterprise sap 15 SP1	10.6-6.25 fixed
suse enterprise sap 15 SP2	10.12-8.13.9 fixed
suse enterprise sap 15 SP3	10.16-8.29.1 fixed
suse enterprise server 15	10.5-4.5.1 fixed
suse enterprise server 15 SP1	10.6-6.25 fixed
suse enterprise server 15 SP2	10.12-8.13.9 fixed
suse enterprise server 15 SP3	10.16-8.29.1 fixed

postgresql10-docs

suse enterprise sap 15	10.5-4.5.1 fixed
suse enterprise sap 15 SP1	10.6-6.26 fixed
suse enterprise sap 15 SP2	10.12-8.13.10 fixed
suse enterprise server 15	10.5-4.5.1 fixed
suse enterprise server 15 SP1	10.6-6.26 fixed
suse enterprise server 15 SP2	10.12-8.13.10 fixed

postgresql10-plperl

suse enterprise sap 15	10.5-4.5.1 fixed
suse enterprise sap 15 SP1	10.6-6.26 fixed
suse enterprise sap 15 SP2	10.12-8.13.10 fixed
suse enterprise sap 15 SP3	10.16-8.29.1 fixed
suse enterprise server 15	10.5-4.5.1 fixed
suse enterprise server 15 SP1	10.6-6.26 fixed
suse enterprise server 15 SP2	10.12-8.13.10 fixed
suse enterprise server 15 SP3	10.16-8.29.1 fixed

postgresql10-plpython

suse enterprise sap 15	10.5-4.5.1 fixed
suse enterprise sap 15 SP1	10.6-6.26 fixed
suse enterprise sap 15 SP2	10.12-8.13.10 fixed
suse enterprise sap 15 SP3	10.16-8.29.1 fixed
suse enterprise server 15	10.5-4.5.1 fixed
suse enterprise server 15 SP1	10.6-6.26 fixed
suse enterprise server 15 SP2	10.12-8.13.10 fixed
suse enterprise server 15 SP3	10.16-8.29.1 fixed

postgresql10-pltcl

suse enterprise sap 15	10.5-4.5.1 fixed
suse enterprise sap 15 SP1	10.6-6.26 fixed
suse enterprise sap 15 SP2	10.12-8.13.10 fixed
suse enterprise sap 15 SP3	10.16-8.29.1 fixed
suse enterprise server 15	10.5-4.5.1 fixed
suse enterprise server 15 SP1	10.6-6.26 fixed
suse enterprise server 15 SP2	10.12-8.13.10 fixed
suse enterprise server 15 SP3	10.16-8.29.1 fixed

postgresql10-server

suse enterprise sap 15	10.5-4.5.1 fixed
suse enterprise sap 15 SP1	10.6-6.26 fixed
suse enterprise sap 15 SP2	10.12-8.13.10 fixed
suse enterprise sap 15 SP3	10.16-8.29.1 fixed
suse enterprise server 15	10.5-4.5.1 fixed
suse enterprise server 15 SP1	10.6-6.26 fixed
suse enterprise server 15 SP2	10.12-8.13.10 fixed
suse enterprise server 15 SP3	10.16-8.29.1 fixed

postgresql94

suse enterprise sap 12 SP1	9.4.19-21.22.7 fixed
suse enterprise sap 12 SP2	9.4.19-21.22.7 fixed
suse enterprise server 12	9.4.19-21.22.7 fixed
suse enterprise server 12 SP1	9.4.19-21.22.7 fixed
suse enterprise server 12 SP2	9.4.19-21.22.7 fixed

postgresql94-contrib

suse enterprise sap 12 SP1	9.4.19-21.22.7 fixed
suse enterprise sap 12 SP2	9.4.19-21.22.7 fixed
suse enterprise server 12	9.4.19-21.22.7 fixed
suse enterprise server 12 SP1	9.4.19-21.22.7 fixed
suse enterprise server 12 SP2	9.4.19-21.22.7 fixed

postgresql94-docs

suse enterprise sap 12 SP1	9.4.19-21.22.7 fixed
suse enterprise sap 12 SP2	9.4.19-21.22.7 fixed
suse enterprise server 12	9.4.19-21.22.7 fixed
suse enterprise server 12 SP1	9.4.19-21.22.7 fixed
suse enterprise server 12 SP2	9.4.19-21.22.7 fixed

postgresql94-server

suse enterprise sap 12 SP1	9.4.19-21.22.7 fixed
suse enterprise sap 12 SP2	9.4.19-21.22.7 fixed
suse enterprise server 12	9.4.19-21.22.7 fixed
suse enterprise server 12 SP1	9.4.19-21.22.7 fixed
suse enterprise server 12 SP2	9.4.19-21.22.7 fixed

postgresql96

suse enterprise sap 12 SP1	9.6.10-3.22.7 fixed
suse enterprise sap 12 SP2	9.6.10-3.22.7 fixed
suse enterprise sap 12 SP3	9.6.10-3.22.7 fixed
suse enterprise server 12	9.6.10-3.22.7 fixed
suse enterprise server 12 SP1	9.6.10-3.22.7 fixed
suse enterprise server 12 SP2	9.6.10-3.22.7 fixed
suse enterprise server 12 SP3	9.6.10-3.22.7 fixed

postgresql96-contrib

suse enterprise sap 12 SP1	9.6.10-3.22.7 fixed
suse enterprise sap 12 SP2	9.6.10-3.22.7 fixed
suse enterprise sap 12 SP3	9.6.10-3.22.7 fixed
suse enterprise server 12	9.6.10-3.22.7 fixed
suse enterprise server 12 SP1	9.6.10-3.22.7 fixed
suse enterprise server 12 SP2	9.6.10-3.22.7 fixed
suse enterprise server 12 SP3	9.6.10-3.22.7 fixed

postgresql96-docs

suse enterprise sap 12 SP1	9.6.10-3.22.7 fixed
suse enterprise sap 12 SP2	9.6.10-3.22.7 fixed
suse enterprise sap 12 SP3	9.6.10-3.22.7 fixed
suse enterprise server 12	9.6.10-3.22.7 fixed
suse enterprise server 12 SP1	9.6.10-3.22.7 fixed
suse enterprise server 12 SP2	9.6.10-3.22.7 fixed
suse enterprise server 12 SP3	9.6.10-3.22.7 fixed

postgresql96-server

suse enterprise sap 12 SP1	9.6.10-3.22.7 fixed
suse enterprise sap 12 SP2	9.6.10-3.22.7 fixed
suse enterprise sap 12 SP3	9.6.10-3.22.7 fixed
suse enterprise server 12	9.6.10-3.22.7 fixed
suse enterprise server 12 SP1	9.6.10-3.22.7 fixed
suse enterprise server 12 SP2	9.6.10-3.22.7 fixed
suse enterprise server 12 SP3	9.6.10-3.22.7 fixed