CVE-2013-1900
PostgreSQL 8.4.x-9.2.x - Insufficient Random Number Generation in pgcrypto Functions
PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the "contrib/pgcrypto functions."
References (21)
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1475.html
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT5892
Various Sources x_refsource_confirm
http://www.postgresql.org/docs/current/static/release-8-4-17.html
Various Sources x_refsource_confirm
http://www.postgresql.org/docs/current/static/release-9-2-4.html
Vendor Advisory x_refsource_confirm
http://www.postgresql.org/about/news/1456/
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00008.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00012.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2013/dsa-2657
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:142
Various Sources x_refsource_confirm
http://www.postgresql.org/docs/current/static/release-9-0-13.html
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1789-1
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102806.html
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2013/Sep/msg00004.html
Various Sources x_refsource_confirm
http://www.postgresql.org/docs/current/static/release-9-1-9.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00011.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2013/dsa-2658
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00007.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101519.html
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT5880
Scores
EPSS
0.0057
EPSS Percentile
68.7%
Details
CWE
CWE-189
Status
published
Products (48)
canonical/ubuntu_linux
8.04
canonical/ubuntu_linux
10.04
canonical/ubuntu_linux
11.10
canonical/ubuntu_linux
12.04
canonical/ubuntu_linux
12.10
postgresql/postgresql
9.2
postgresql/postgresql
9.2.1
postgresql/postgresql
9.2.2
postgresql/postgresql
9.2.3
postgresql/postgresql
9.1
... and 38 more
Published
Apr 04, 2013
Tracked Since
Feb 18, 2026