CVE-2012-3489
Description
The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue.
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.956
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2012-3488, CVE-2012-3489 affect PostgreSQL 9.1.4 | Windows |
| Vulnerabilities CVE-2012-3489, CVE-2012-3488 are fixed in PostgreSQL 9.1.5 | Windows |
| Vulnerabilities CVE-2012-3489, CVE-2012-3488 are fixed in PostgreSQL 9.0.9 | Windows |
| Vulnerabilities CVE-2012-3489, CVE-2012-3488 are fixed in PostgreSQL 8.4.13 | Windows |
| Vulnerabilities CVE-2012-3489, CVE-2012-3488 are fixed in PostgreSQL 8.3.20 | Windows |
| Vulnerabilities CVE-2012-3488, CVE-2012-3489 affect PostgreSQL 9.1.4 (For Linux) | Linux |
| Vulnerabilities CVE-2012-3489, CVE-2012-3488 are fixed in PostgreSQL 9.1.5 (For Linux) | Linux |
| Vulnerabilities CVE-2012-3489, CVE-2012-3488 are fixed in PostgreSQL 9.0.9 (For Linux) | Linux |
| Vulnerabilities CVE-2012-3489, CVE-2012-3488 are fixed in PostgreSQL 8.4.13 (For Linux) | Linux |
| Vulnerabilities CVE-2012-3489, CVE-2012-3488 are fixed in PostgreSQL 8.3.20 (For Linux) | Linux |
| Postgresql-server update (ELSA-2024-10882) postgresql-server-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-pltcl update (ELSA-2024-10882) postgresql-pltcl-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-plpython update (ELSA-2024-10882) postgresql-plpython-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-plperl update (ELSA-2024-10882) postgresql-plperl-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-libs update (ELSA-2024-10882) postgresql-libs-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-libs update (ELSA-2024-10882) postgresql-libs-9.2.24-9.0.3.el7_9.i686.rpm | Linux |
| Postgresql-docs update (ELSA-2024-10882) postgresql-docs-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-devel update (ELSA-2024-10882) postgresql-devel-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-devel update (ELSA-2024-10882) postgresql-devel-9.2.24-9.0.3.el7_9.i686.rpm | Linux |
| Postgresql-contrib update (ELSA-2024-10882) postgresql-contrib-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql update (ELSA-2024-10882) postgresql-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql update (ELSA-2024-10882) postgresql-9.2.24-9.0.3.el7_9.i686.rpm | Linux |
| Postgresql-test update (ELSA-2024-10882) postgresql-test-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234