CVE-2014-0061

2014-03-3114:58:00

CWE-264

[email protected]

web.nvd.nist.gov

147

postgresql

pl validator functions

cve-2014-0061

security vulnerability

nvd

8.9 High

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

74.8%

JSON

The validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain privileges via a function that is (1) defined in another language or (2) not allowed to be directly called by the user due to permissions.

CPENameOperatorVersion
postgresql:postgresqlpostgresqleq8.4.8
postgresql:postgresqlpostgresqleq9.0.11
postgresql:postgresqlpostgresqleq9.2.1
postgresql:postgresqlpostgresqleq9.1.4
postgresql:postgresqlpostgresqleq8.4.4
postgresql:postgresqlpostgresqleq8.4.1
postgresql:postgresqlpostgresqleq9.0.13
postgresql:postgresqlpostgresqleq9.3
postgresql:postgresqlpostgresqleq8.4.18
postgresql:postgresqlpostgresqleq9.0.7

CPE	Name	Operator	Version
postgresql:postgresql	postgresql	eq	8.4.8
postgresql:postgresql	postgresql	eq	9.0.11
postgresql:postgresql	postgresql	eq	9.2.1
postgresql:postgresql	postgresql	eq	9.1.4
postgresql:postgresql	postgresql	eq	8.4.4
postgresql:postgresql	postgresql	eq	8.4.1
postgresql:postgresql	postgresql	eq	9.0.13
postgresql:postgresql	postgresql	eq	9.3
postgresql:postgresql	postgresql	eq	8.4.18
postgresql:postgresql	postgresql	eq	9.0.7