CVE-2012-0868

PostgreSQL <8.3.18, <8.4.11, <9.0.7, <9.1.3 - SQL Injection

Title source: llm

Description

CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored.

References (14)

Core References
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-0678.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-0677.html
Vendor Advisory x_refsource_confirm
http://www.postgresql.org/about/news/1377/
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2012:027
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/49273
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2012:026
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2012/dsa-2418
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/49272
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2012-09/msg00060.html

Scores

EPSS 0.0437
EPSS Percentile 89.1%

Details

CWE CWE-89
Status published
Products (39)
postgresql/postgresql 8.3
postgresql/postgresql 8.3.1
postgresql/postgresql 8.3.2
postgresql/postgresql 8.3.3
postgresql/postgresql 8.3.4
postgresql/postgresql 8.3.5
postgresql/postgresql 8.3.6
postgresql/postgresql 8.3.7
postgresql/postgresql 8.3.8
postgresql/postgresql 8.3.9
... and 29 more
Published Jul 18, 2012
Tracked Since Feb 18, 2026