Home

CVE-2016-5423

Description

PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain sensitive memory information, or possibly execute arbitrary code via (1) a CASE expression within the test value subexpression of another CASE or (2) inlining of an SQL function that implements the equality operator used for a CASE expression involving values of different types.

Risk Information

Base Score
8.3
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
EPSS Score
Exploitation Probability
2.712

Associated Vulnerability

VulnerabilityOS Platform
Update PostgressSQL to 9.1.23Windows
Update PostgressSQL to 9.3.14Windows
Vulnerabilities CVE-2016-5424,CVE-2016-5423 are fixed in PostgreSQL 9.5.4Windows
Vulnerabilities CVE-2016-5424,CVE-2016-5423 are fixed in PostgreSQL 9.4.9Windows
Vulnerabilities CVE-2016-5424,CVE-2016-5423 are fixed in PostgreSQL 9.3.14Windows
Vulnerabilities CVE-2016-5424,CVE-2016-5423 are fixed in PostgreSQL 9.2.18Windows
Vulnerabilities CVE-2016-5424,CVE-2016-5423 are fixed in PostgreSQL 9.1.23Windows
object-relational SQL database (USN-3066-1) postgresql-9.1_9.1.23-0ubuntu0.12.04_i386.debLinux
object-relational SQL database (USN-3066-1) postgresql-9.1_9.1.23-0ubuntu0.12.04_amd64.debLinux
object-relational SQL database (USN-3066-1) postgresql-9.3_9.3.14-0ubuntu0.14.04_i386.debLinux
object-relational SQL database (USN-3066-1) postgresql-9.3_9.3.14-0ubuntu0.14.04_amd64.debLinux
object-relational SQL database (USN-3066-1) postgresql-9.5_9.5.4-0ubuntu0.16.04_i386.debLinux
object-relational SQL database (USN-3066-1) postgresql-9.5_9.5.4-0ubuntu0.16.04_amd64.debLinux
SUSE-SU-2016:2415-1(SUSE Linux Enterprise Desktop 12-SP1 ) libecpg6-9.4.9-14.1.x86_64.rpmLinux
SUSE-SU-2016:2415-1(SUSE Linux Enterprise Desktop 12-SP1 ) libecpg6-debuginfo-9.4.9-14.1.x86_64.rpmLinux
SUSE-SU-2016:2415-1(SUSE Linux Enterprise Desktop 12-SP1 ) libpq5-9.4.9-14.1.x86_64.rpmLinux
SUSE-SU-2016:2415-1(SUSE Linux Enterprise Desktop 12-SP1 ) libpq5-32bit-9.4.9-14.1.x86_64.rpmLinux
SUSE-SU-2016:2415-1(SUSE Linux Enterprise Desktop 12-SP1 ) libpq5-debuginfo-9.4.9-14.1.x86_64.rpmLinux
SUSE-SU-2016:2415-1(SUSE Linux Enterprise Desktop 12-SP1 ) libpq5-debuginfo-32bit-9.4.9-14.1.x86_64.rpmLinux
SUSE-SU-2016:2415-1(SUSE Linux Enterprise Desktop 12-SP1 ) postgresql94-9.4.9-14.1.x86_64.rpmLinux
SUSE-SU-2016:2415-1(SUSE Linux Enterprise Server 12-SP1 ) postgresql94-contrib-9.4.9-14.1.x86_64.rpmLinux
SUSE-SU-2016:2415-1(SUSE Linux Enterprise Server 12-SP1 ) postgresql94-contrib-debuginfo-9.4.9-14.1.x86_64.rpmLinux
SUSE-SU-2016:2415-1(SUSE Linux Enterprise Desktop 12-SP1 ) postgresql94-debuginfo-9.4.9-14.1.x86_64.rpmLinux
SUSE-SU-2016:2415-1(SUSE Linux Enterprise Desktop 12-SP1 ) postgresql94-debugsource-9.4.9-14.1.x86_64.rpmLinux
SUSE-SU-2016:2415-1(SUSE Linux Enterprise Server 12-SP1 ) postgresql94-docs-9.4.9-14.1.noarch.rpmLinux
SUSE-SU-2016:2415-1(SUSE Linux Enterprise Desktop 12-SP1 ) postgresql94-libs-debugsource-9.4.9-14.1.x86_64.rpmLinux
SUSE-SU-2016:2415-1(SUSE Linux Enterprise Server 12-SP1 ) postgresql94-server-9.4.9-14.1.x86_64.rpmLinux
SUSE-SU-2016:2415-1(SUSE Linux Enterprise Server 12-SP1 ) postgresql94-server-debuginfo-9.4.9-14.1.x86_64.rpmLinux
Update PostgressSQL to 9.1.23 (For Linux)Linux
Update PostgressSQL to 9.3.14 (For Linux)Linux
Vulnerabilities CVE-2016-5424,CVE-2016-5423 are fixed in PostgreSQL 9.5.4 (For Linux)Linux
Vulnerabilities CVE-2016-5424,CVE-2016-5423 are fixed in PostgreSQL 9.4.9 (For Linux)Linux
Vulnerabilities CVE-2016-5424,CVE-2016-5423 are fixed in PostgreSQL 9.3.14 (For Linux)Linux
Vulnerabilities CVE-2016-5424,CVE-2016-5423 are fixed in PostgreSQL 9.2.18 (For Linux)Linux
Vulnerabilities CVE-2016-5424,CVE-2016-5423 are fixed in PostgreSQL 9.1.23 (For Linux)Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234