CVE-2009-2943

Published Oct 22, 2009

Last updated 15 years ago

Overview

Description: The postgresql-ocaml bindings 1.5.4, 1.7.0, and 1.12.1 for PostgreSQL libpq do not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.
Source: cve@mitre.org
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ocaml:postgresql-ocaml:1.5.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C296D974-BD89-49F3-BDF5-AC3C785C8A5B"
          },
          {
            "criteria": "cpe:2.3:a:ocaml:postgresql-ocaml:1.7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "66272BD6-9D54-453B-A9E4-4C55815867DA"
          },
          {
            "criteria": "cpe:2.3:a:ocaml:postgresql-ocaml:1.12.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "65D298B6-EE75-4B8A-92DE-197727DBF00B"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E5A47A8B-5F2B-42B1-A8F6-ACDBEA4D8485"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References