PostgreSQL Client Library Vulnerability Affecting libpq
CVE-2018-10915
CVSS score: 8.5 (HIGH)
Key Information:
- Vendor: PostgreSQL
- CVE Published: 9 August 2018
What is CVE-2018-10915?
A security flaw exists in the libpq client library of PostgreSQL: internal connection state is not always reset properly between connections. When an application takes the 'host' or 'hostaddr' connection parameters from untrusted input, an attacker can use this flaw to bypass client-side security measures. This can lead to unauthorized use of a higher-privilege connection, or to critical SQL injection because the PQescape() family of functions operates on stale state and escapes incorrectly. Versions of PostgreSQL prior to 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 are affected, so timely updates are essential to protect against attacks.
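The description above makes one point a defender can act on directly: host and hostaddr must never come from untrusted input. The following added example (not code from the PostgreSQL project or from this advisory) shows an application-side guard that parses a libpq keyword=value connection string and rejects any host or hostaddr entry that is not on an allowlist, before the string reaches libpq. The parser is a simplified re-implementation of libpq's conninfo grammar (URI-style postgresql:// strings are deliberately not handled), the allowlists and sample strings are constructed for the example, and upgrading to a fixed release remains the actual remediation.

```python
"""Allowlist guard for libpq 'host' / 'hostaddr' connection parameters.

Added example: parses a keyword=value conninfo string the way libpq does
(whitespace-separated keyword=value pairs, optional single-quoted values,
backslash escapes) and refuses strings whose host/hostaddr entries are not
on an application-controlled allowlist. Hostnames and addresses below are
constructed for illustration.
"""
import ipaddress

# Constructed allowlists: the only servers this application may talk to.
ALLOWED_HOSTS = {"db-primary.internal", "db-replica.internal"}
ALLOWED_HOSTADDRS = {"10.0.0.5", "10.0.0.6"}


def parse_conninfo(conninfo: str) -> dict:
    """Parse a libpq keyword=value connection string into a dict.

    Simplified conninfo grammar: keywords are separated by whitespace, a
    value may be wrapped in single quotes, and a backslash escapes the next
    character both inside and outside quotes. Raises ValueError on
    malformed input rather than guessing what libpq would do with it.
    """
    params = {}
    i, n = 0, len(conninfo)
    while True:
        while i < n and conninfo[i].isspace():
            i += 1
        if i >= n:
            return params
        start = i
        while i < n and conninfo[i] != "=" and not conninfo[i].isspace():
            i += 1
        key = conninfo[start:i]
        while i < n and conninfo[i].isspace():
            i += 1
        if not key or i >= n or conninfo[i] != "=":
            raise ValueError(f"missing '=' after keyword at offset {start}")
        i += 1  # consume '='
        while i < n and conninfo[i].isspace():
            i += 1
        quoted = i < n and conninfo[i] == "'"
        if quoted:
            i += 1
        buf = []
        while i < n:
            c = conninfo[i]
            if c == "\\":  # escape: take the next character literally
                i += 1
                if i < n:
                    buf.append(conninfo[i])
                    i += 1
                continue
            if quoted and c == "'":
                break
            if not quoted and c.isspace():
                break
            buf.append(c)
            i += 1
        if quoted:
            if i >= n:
                raise ValueError("unterminated quoted value")
            i += 1  # consume closing quote
        params[key] = "".join(buf)


def _is_ip(value: str) -> bool:
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def validate_conninfo(conninfo: str,
                      allowed_hosts=ALLOWED_HOSTS,
                      allowed_hostaddrs=ALLOWED_HOSTADDRS) -> list:
    """Return a list of problems; an empty list means every host/hostaddr
    entry is allowlisted and the string may be handed to the driver."""
    params = parse_conninfo(conninfo)
    problems = []
    for key, allowed in (("host", allowed_hosts), ("hostaddr", allowed_hostaddrs)):
        if key not in params:
            continue
        # libpq 10 and later accept comma-separated lists here and try each
        # entry in turn, so every entry must be checked, not just the first.
        for entry in params[key].split(","):
            if entry == "":
                problems.append(f"{key}: empty entry (libpq would substitute a default)")
            elif key == "hostaddr" and not _is_ip(entry):
                problems.append(f"hostaddr: {entry!r} is not an IP address")
            elif entry not in allowed:
                problems.append(f"{key}: {entry!r} is not on the allowlist")
    return problems


if __name__ == "__main__":
    # Constructed samples: one acceptable string, one smuggling an extra host.
    for sample in ("host=db-primary.internal dbname=app user='web app'",
                   "host=db-primary.internal,attacker.example dbname=app"):
        print(sample, "->", validate_conninfo(sample) or "OK")
```

Call validate_conninfo() on any connection string assembled from request data or configuration a less-trusted party can edit, and only pass it to the driver when the returned list is empty; the multi-host check matters because a second, attacker-chosen entry is exactly the kind of untrusted host the advisory warns about.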
Affected Version(s)
postgresql 10.5
postgresql 9.6.10
postgresql 9.5.14