PostgreSQL Client Library Vulnerability Affecting libpq
CVE-2018-10915
Key Information:
- Status
- Vendor
- CVE Published:
- 9 August 2018
What is CVE-2018-10915?
A security flaw exists in the libpq library of PostgreSQL, where internal state management between connections may fail to reset properly. When users employ 'host' or 'hostaddr' connection parameters sourced from untrusted input, an attacker could exploit this vulnerability to bypass client-side security measures. This could lead to unauthorized access to higher privilege connections, or potentially cause critical SQL injection issues due to malfunctioning PQescape() functions. Versions of PostgreSQL prior to 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 are affected, making timely updates essential to protect against potential attacks.
Affected Version(s)
postgresql 10.5
postgresql 9.6.10
postgresql 9.5.14
References
EPSS Score
5% chance of being exploited in the next 30 days.
CVSS V3.1
CVSS V3.0
Timeline
Vulnerability published
Vulnerability Reserved
