8.8

CVE-2018-1058

A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PostgresqlPostgresql Version >= 9.3 < 9.3.22
PostgresqlPostgresql Version >= 9.4 < 9.4.17
PostgresqlPostgresql Version >= 9.5 < 9.5.12
PostgresqlPostgresql Version >= 9.6 < 9.6.8
PostgresqlPostgresql Version >= 10.0 < 10.3
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version17.10
RedhatCloudforms Version4.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 14.14% 0.961
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.5 8 6.4
AV:N/AC:L/Au:S/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://access.redhat.com/errata/RHSA-2018:2511
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2566
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3816
Third Party Advisory
http://www.securityfocus.com/bid/103221
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1547044
Third Party Advisory
Issue Tracking
https://usn.ubuntu.com/3589-1/
Third Party Advisory
https://www.postgresql.org/about/news/1834/
Vendor Advisory