CVE-2009-2943

2009-10-2216:30:00

Debian Security Bug Tracker

security-tracker.debian.org

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.4%

JSON

The postgresql-ocaml bindings 1.5.4, 1.7.0, and 1.12.1 for PostgreSQL libpq do not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.

OSVersionArchitecturePackageVersionFilename
Debian12allpostgresql-ocaml< 1.12.1-1postgresql-ocaml_1.12.1-1_all.deb
Debian11allpostgresql-ocaml< 1.12.1-1postgresql-ocaml_1.12.1-1_all.deb
Debian10allpostgresql-ocaml< 1.12.1-1postgresql-ocaml_1.12.1-1_all.deb
Debian999allpostgresql-ocaml< 1.12.1-1postgresql-ocaml_1.12.1-1_all.deb
Debian13allpostgresql-ocaml< 1.12.1-1postgresql-ocaml_1.12.1-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	postgresql-ocaml	< 1.12.1-1	postgresql-ocaml_1.12.1-1_all.deb
Debian	11	all	postgresql-ocaml	< 1.12.1-1	postgresql-ocaml_1.12.1-1_all.deb
Debian	10	all	postgresql-ocaml	< 1.12.1-1	postgresql-ocaml_1.12.1-1_all.deb
Debian	999	all	postgresql-ocaml	< 1.12.1-1	postgresql-ocaml_1.12.1-1_all.deb
Debian	13	all	postgresql-ocaml	< 1.12.1-1	postgresql-ocaml_1.12.1-1_all.deb