CVE-2018-10915

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-10915
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-10915.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-10915
Downstream
Related
Published
2018-08-09T20:29:00Z
Modified
2025-10-15T09:19:34.479030Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction. Postgresql versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 are affected.

References

Affected packages

Git / git.postgresql.org/git/postgresql.git

Affected ranges

Type
GIT
Repo
https://git.postgresql.org/git/postgresql.git
Events
Introduced
da645b3a73580ac30cf02e932b42d06157b98229
Fixed
e0fb7a2ce39f25cbbbe50c95aebdab1ee3beff23

Affected versions

Other

REL9_3_0
REL9_3_1
REL9_3_10
REL9_3_11
REL9_3_12
REL9_3_13
REL9_3_14
REL9_3_15
REL9_3_16
REL9_3_17
REL9_3_18
REL9_3_19
REL9_3_2
REL9_3_20
REL9_3_21
REL9_3_22
REL9_3_23
REL9_3_3
REL9_3_4
REL9_3_5
REL9_3_6
REL9_3_7
REL9_3_8
REL9_3_9