Lucene search

[email protected]NVD:CVE-2016-5424

HistoryDec 09, 2016 - 11:59 p.m.

CVE-2016-5424

2016-12-0923:59:02

CWE-94

[email protected]

web.nvd.nist.gov

4.6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:S/C:P/I:P/A:P

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.1%

JSON

PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation.

Affected configurations

NVD

Node

debiandebian_linuxMatch8.0

Node

postgresqlpostgresqlRange≤9.1.22

postgresqlpostgresqlMatch9.2

postgresqlpostgresqlMatch9.2.1

postgresqlpostgresqlMatch9.2.2

postgresqlpostgresqlMatch9.2.3

postgresqlpostgresqlMatch9.2.4

postgresqlpostgresqlMatch9.2.5

postgresqlpostgresqlMatch9.2.6

postgresqlpostgresqlMatch9.2.7

postgresqlpostgresqlMatch9.2.8

postgresqlpostgresqlMatch9.2.9

postgresqlpostgresqlMatch9.2.10

postgresqlpostgresqlMatch9.2.11

postgresqlpostgresqlMatch9.2.12

postgresqlpostgresqlMatch9.2.13

postgresqlpostgresqlMatch9.2.14

postgresqlpostgresqlMatch9.2.15

postgresqlpostgresqlMatch9.2.16

postgresqlpostgresqlMatch9.2.17

postgresqlpostgresqlMatch9.3

postgresqlpostgresqlMatch9.3.1

postgresqlpostgresqlMatch9.3.2

postgresqlpostgresqlMatch9.3.3

postgresqlpostgresqlMatch9.3.4

postgresqlpostgresqlMatch9.3.5

postgresqlpostgresqlMatch9.3.6

postgresqlpostgresqlMatch9.3.7

postgresqlpostgresqlMatch9.3.8

postgresqlpostgresqlMatch9.3.9

postgresqlpostgresqlMatch9.3.10

postgresqlpostgresqlMatch9.3.11

postgresqlpostgresqlMatch9.3.12

postgresqlpostgresqlMatch9.3.13

postgresqlpostgresqlMatch9.4

postgresqlpostgresqlMatch9.4.1

postgresqlpostgresqlMatch9.4.2

postgresqlpostgresqlMatch9.4.3

postgresqlpostgresqlMatch9.4.4

postgresqlpostgresqlMatch9.4.5

postgresqlpostgresqlMatch9.4.6

postgresqlpostgresqlMatch9.4.7

postgresqlpostgresqlMatch9.4.8

postgresqlpostgresqlMatch9.5

postgresqlpostgresqlMatch9.5.1

postgresqlpostgresqlMatch9.5.2

postgresqlpostgresqlMatch9.5.3

References

rhn.redhat.com/errata/RHSA-2016-1781.html

rhn.redhat.com/errata/RHSA-2016-1820.html

rhn.redhat.com/errata/RHSA-2016-1821.html

rhn.redhat.com/errata/RHSA-2016-2606.html

www.debian.org/security/2016/dsa-3646

www.securityfocus.com/bid/92435

www.securitytracker.com/id/1036617

access.redhat.com/errata/RHSA-2017:2425

security.gentoo.org/glsa/201701-33

www.postgresql.org/about/news/1688/

www.postgresql.org/docs/current/static/release-9-1-23.html

www.postgresql.org/docs/current/static/release-9-2-18.html

www.postgresql.org/docs/current/static/release-9-3-14.html

www.postgresql.org/docs/current/static/release-9-4-9.html

www.postgresql.org/docs/current/static/release-9-5-4.html

4.6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:S/C:P/I:P/A:P

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.1%

JSON

Related for NVD:CVE-2016-5424

redhatcve1 ubuntucve1 cve1 postgresql1 prion1 veracode1 cvelist1 freebsd2 nessus26 suse6 openvas19 fedora3 debian3 redhat5 oraclelinux1 centos1 mageia1 ibm3 kaspersky1 osv2 archlinux1 amazon1 ubuntu1 gentoo1