CVE-2025-1094

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-1094

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-1094.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-1094

Aliases

BIT-postgresql-2025-1094

Related

Published

2025-02-13T13:15:09Z

Modified

2025-02-21T19:53:34.269959Z

Summary

[none]

Details

Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the function result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when clientencoding is BIG5 and serverencoding is one of EUCTW or MULEINTERNAL. Versions before PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19 are affected.

References

Affected packages

Alpine:v3.18 / postgresql14

Package

Name: postgresql14
Purl: pkg:apk/alpine/postgresql14?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

14.17-r0

Affected versions

8.*

8.3.5-r0

8.3.7-r0

8.3.7-r1

8.3.7-r2

8.3.7-r3

8.4.0-r0

8.4.0-r1

8.4.0-r2

8.4.1-r0

8.4.1-r1

8.4.2-r0

8.4.2-r1

8.4.3-r0

8.4.3-r1

8.4.3-r2

8.4.3-r3

8.4.4-r0

9.*

9.0.1-r0

9.0.2-r0

9.0.3-r0

9.0.3-r1

9.0.4-r0

9.1.0-r0

9.1.0-r1

9.1.1-r0

9.1.1-r1

9.1.1-r2

9.1.2-r0

9.1.2-r1

9.1.2-r2

9.1.3-r0

9.1.4-r0

9.1.5-r0

9.2.0-r0

9.2.0-r1

9.2.1-r0

9.2.1-r1

9.2.1-r2

9.2.2-r0

9.2.3-r0

9.2.4-r0

9.3.0-r0

9.3.0-r1

9.3.0-r2

9.3.1-r0

9.3.2-r0

9.3.3-r0

9.3.3-r1

9.3.3-r2

9.3.4-r0

9.3.4-r1

9.3.5-r0

9.3.5-r1

9.4.0-r0

9.4.1-r0

9.4.1-r1

9.4.1-r2

9.4.1-r3

9.4.2-r0

9.4.3-r0

9.4.4-r0

9.4.5-r0

9.4.5-r1

9.5.0-r0

9.5.1-r0

9.5.2-r0

9.5.2-r1

9.5.2-r2

9.5.2-r3

9.5.2-r4

9.5.3-r0

9.5.3-r1

9.5.4-r0

9.6.0-r0

9.6.0-r1

9.6.1-r0

9.6.1-r1

9.6.2-r0

9.6.2-r1

9.6.2-r2

9.6.2-r3

9.6.2-r4

9.6.3-r0

9.6.4-r0

9.6.4-r1

9.6.5-r0

9.6.5-r1

10.*

10.0-r0

10.0-r1

10.1-r0

10.1-r1

10.1-r2

10.2-r0

10.3-r0

10.3-r1

10.4-r0

10.5-r0

11.*

11.0-r0

11.0-r1

11.1-r0

11.2-r0

11.2-r1

11.3-r0

11.3-r1

11.3-r2

11.4-r0

11.4-r1

11.5-r0

11.5-r1

11.5-r2

12.*

12.0-r0

12.0-r1

12.1-r0

12.1-r1

12.1-r2

12.2-r0

12.2-r1

12.2-r2

12.2-r3

12.3-r0

12.3-r1

12.3-r2

12.4-r0

12.4-r1

12.5-r0

12.5-r1

13.*

13.1-r0

13.1-r1

13.1-r2

13.2-r0

13.2-r1

13.2-r2

13.2-r3

13.2-r4

13.3-r0

13.3-r1

13.4-r0

13.4-r1

13.4-r2

14.*

14.0-r0

14.0-r2

14.0-r3

14.0-r4

14.0-r5

14.0-r6

14.1-r0

14.1-r1

14.1-r2

14.1-r3

14.1-r4

14.1-r5

14.1-r6

14.1-r7

14.2-r0

14.2-r1

14.2-r2

14.2-r3

14.3-r0

14.3-r1

14.4-r0

14.4-r1

14.4-r2

14.5-r0

14.5-r1

14.5-r2

14.5-r3

14.6-r0

14.6-r1

14.7-r0

14.7-r1

14.7-r2

14.7-r3

14.7-r4

14.8-r0

14.9-r0

14.10-r0

14.11-r0

14.12-r0

14.13-r0

14.14-r0

14.15-r0

Alpine:v3.18 / postgresql15

Package

Name: postgresql15
Purl: pkg:apk/alpine/postgresql15?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

15.11-r0

Affected versions

15.*

15.1-r0

15.1-r1

15.2-r0

15.2-r1

15.2-r2

15.2-r3

15.2-r4

15.3-r0

15.4-r0

15.5-r0

15.6-r0

15.7-r0

15.8-r0

15.9-r0

15.10-r0

Alpine:v3.19 / postgresql15

Package

Name: postgresql15
Purl: pkg:apk/alpine/postgresql15?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

15.11-r0

Affected versions

15.*

15.1-r0

15.1-r1

15.2-r0

15.2-r1

15.2-r2

15.2-r3

15.2-r4

15.3-r0

15.3-r1

15.4-r0

15.4-r1

15.4-r2

15.5-r0

15.6-r0

15.7-r0

15.8-r0

15.9-r0

15.10-r0

Alpine:v3.19 / postgresql16

Package

Name: postgresql16
Purl: pkg:apk/alpine/postgresql16?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

16.8-r0

Affected versions

16.*

16.0-r0

16.0-r1

16.0-r2

16.1-r0

16.2-r0

16.2-r1

16.3-r0

16.4-r0

16.5-r0

16.6-r0

Alpine:v3.20 / postgresql15

Package

Name: postgresql15
Purl: pkg:apk/alpine/postgresql15?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

15.11-r0

Affected versions

15.*

15.1-r0

15.1-r1

15.2-r0

15.2-r1

15.2-r2

15.2-r3

15.2-r4

15.3-r0

15.3-r1

15.4-r0

15.4-r1

15.4-r2

15.5-r0

15.6-r0

15.6-r1

15.6-r2

15.7-r0

15.8-r0

15.9-r0

15.10-r0

Alpine:v3.20 / postgresql16

Package

Name: postgresql16
Purl: pkg:apk/alpine/postgresql16?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

16.8-r0

Affected versions

16.*

16.0-r0

16.0-r1

16.0-r2

16.1-r0

16.2-r0

16.2-r1

16.2-r2

16.2-r3

16.2-r4

16.3-r0

16.4-r0

16.5-r0

16.6-r0

Alpine:v3.21 / postgresql16

Package

Name: postgresql16
Purl: pkg:apk/alpine/postgresql16?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

16.8-r0

Affected versions

16.*

16.0-r0

16.0-r1

16.0-r2

16.1-r0

16.2-r0

16.2-r1

16.2-r2

16.2-r3

16.2-r4

16.3-r0

16.3-r1

16.4-r0

16.4-r1

16.5-r0

16.6-r0

Alpine:v3.21 / postgresql17

Package

Name: postgresql17
Purl: pkg:apk/alpine/postgresql17?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

17.4-r0

Affected versions

17.*

17.0-r0

17.0-r1

17.1-r0

17.2-r0

Debian:11 / postgresql-13

Package

Name: postgresql-13
Purl: pkg:deb/debian/postgresql-13?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

13.20-0+deb11u1

Affected versions

13.*

13.3-1

13.4-0+deb11u1

13.4-1

13.4-2

13.4-3

13.5-0+deb11u1

13.7-0+deb11u1

13.8-0+deb11u1

13.9-0+deb11u1

13.10-0+deb11u1

13.11-0+deb11u1

13.12-0+deb11u1

13.13-0+deb11u1

13.14-0+deb11u1

13.15-0+deb11u1

13.16-0+deb11u1

13.17-0+deb11u1

13.18-0+deb11u1

13.19-0+deb11u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / postgresql-15

Package

Name: postgresql-15
Purl: pkg:deb/debian/postgresql-15?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

15.*

15.3-0+deb12u1

15.3-1

15.4-0+deb12u1

15.4-1

15.4-2

15.4-3

15.5-0+deb12u1

15.6-0+deb12u1

15.7-0+deb12u1

15.8-0+deb12u1

15.9-0+deb12u1

15.10-0+deb12u1

15.11-0+deb12u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / postgresql-17

Package

Name: postgresql-17
Purl: pkg:deb/debian/postgresql-17?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

17.3-1

Affected versions

Other

17~~devel20240509-1

17~beta1-1

17~beta2-1

17~beta3-1

17~rc1-1

17.*

17.0-1

17.1-1

17.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}