Lucene search

K
cve[email protected]CVE-2009-2940
HistoryOct 22, 2009 - 4:30 p.m.

CVE-2009-2940

2009-10-2216:30:00
NVD-CWE-Other
web.nvd.nist.gov
34
pygresql
python
pqescapestringconn
remote attackers
multibyte character encodings
cve-2009-2940

6.5 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

83.8%

The pygresql module 3.8.1 and 4.0 for Python does not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.

6.5 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

83.8%

Related for CVE-2009-2940