PT-2009-5290 · Postgresql · Libpq+1

Published

2009-10-22

Updated

2009-10-23

CVE-2009-2943

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: postgresql-ocaml bindings versions 1.5.4, 1.7.0, and 1.12.1

Description: The issue is related to the improper support of the PQescapeStringConn function in the postgresql-ocaml bindings for PostgreSQL libpq. This might allow remote attackers to exploit escaping issues involving multibyte character encodings.

Recommendations: For version 1.5.4, update to a version that properly supports the PQescapeStringConn function. For version 1.7.0, update to a version that properly supports the PQescapeStringConn function. For version 1.12.1, update to a version that properly supports the PQescapeStringConn function.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2009-2943

DSA-1909-1

Affected Products

Libpq

Postgresql-Ocaml Bindings

PT-2009-5290 · Postgresql · Libpq+1

CVE-2009-2943

Related Identifiers

Affected Products

References · 7