Home

CVE-2016-5424

Description

PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) (double quote), (2) (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation.

Risk Information

Base Score
7.1
MODERATE
Vector
CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
1.294

Associated Vulnerability

VulnerabilityOS Platform
Update PostgressSQL to 9.1.23Windows
Update PostgressSQL to 9.3.14Windows
Vulnerabilities CVE-2016-5424,CVE-2016-5423 are fixed in PostgreSQL 9.5.4Windows
Vulnerabilities CVE-2016-5424,CVE-2016-5423 are fixed in PostgreSQL 9.4.9Windows
Vulnerabilities CVE-2016-5424,CVE-2016-5423 are fixed in PostgreSQL 9.3.14Windows
Vulnerabilities CVE-2016-5424,CVE-2016-5423 are fixed in PostgreSQL 9.2.18Windows
Vulnerabilities CVE-2016-5424,CVE-2016-5423 are fixed in PostgreSQL 9.1.23Windows
object-relational SQL database (USN-3066-1) postgresql-9.1_9.1.23-0ubuntu0.12.04_i386.debLinux
object-relational SQL database (USN-3066-1) postgresql-9.1_9.1.23-0ubuntu0.12.04_amd64.debLinux
object-relational SQL database (USN-3066-1) postgresql-9.3_9.3.14-0ubuntu0.14.04_i386.debLinux
object-relational SQL database (USN-3066-1) postgresql-9.3_9.3.14-0ubuntu0.14.04_amd64.debLinux
object-relational SQL database (USN-3066-1) postgresql-9.5_9.5.4-0ubuntu0.16.04_i386.debLinux
object-relational SQL database (USN-3066-1) postgresql-9.5_9.5.4-0ubuntu0.16.04_amd64.debLinux
SUSE-SU-2016:2415-1(SUSE Linux Enterprise Desktop 12-SP1 ) libecpg6-9.4.9-14.1.x86_64.rpmLinux
SUSE-SU-2016:2415-1(SUSE Linux Enterprise Desktop 12-SP1 ) libecpg6-debuginfo-9.4.9-14.1.x86_64.rpmLinux
SUSE-SU-2016:2415-1(SUSE Linux Enterprise Desktop 12-SP1 ) libpq5-9.4.9-14.1.x86_64.rpmLinux
SUSE-SU-2016:2415-1(SUSE Linux Enterprise Desktop 12-SP1 ) libpq5-32bit-9.4.9-14.1.x86_64.rpmLinux
SUSE-SU-2016:2415-1(SUSE Linux Enterprise Desktop 12-SP1 ) libpq5-debuginfo-9.4.9-14.1.x86_64.rpmLinux
SUSE-SU-2016:2415-1(SUSE Linux Enterprise Desktop 12-SP1 ) libpq5-debuginfo-32bit-9.4.9-14.1.x86_64.rpmLinux
SUSE-SU-2016:2415-1(SUSE Linux Enterprise Desktop 12-SP1 ) postgresql94-9.4.9-14.1.x86_64.rpmLinux
SUSE-SU-2016:2415-1(SUSE Linux Enterprise Server 12-SP1 ) postgresql94-contrib-9.4.9-14.1.x86_64.rpmLinux
SUSE-SU-2016:2415-1(SUSE Linux Enterprise Server 12-SP1 ) postgresql94-contrib-debuginfo-9.4.9-14.1.x86_64.rpmLinux
SUSE-SU-2016:2415-1(SUSE Linux Enterprise Desktop 12-SP1 ) postgresql94-debuginfo-9.4.9-14.1.x86_64.rpmLinux
SUSE-SU-2016:2415-1(SUSE Linux Enterprise Desktop 12-SP1 ) postgresql94-debugsource-9.4.9-14.1.x86_64.rpmLinux
SUSE-SU-2016:2415-1(SUSE Linux Enterprise Server 12-SP1 ) postgresql94-docs-9.4.9-14.1.noarch.rpmLinux
SUSE-SU-2016:2415-1(SUSE Linux Enterprise Desktop 12-SP1 ) postgresql94-libs-debugsource-9.4.9-14.1.x86_64.rpmLinux
SUSE-SU-2016:2415-1(SUSE Linux Enterprise Server 12-SP1 ) postgresql94-server-9.4.9-14.1.x86_64.rpmLinux
SUSE-SU-2016:2415-1(SUSE Linux Enterprise Server 12-SP1 ) postgresql94-server-debuginfo-9.4.9-14.1.x86_64.rpmLinux
Update PostgressSQL to 9.1.23 (For Linux)Linux
Update PostgressSQL to 9.3.14 (For Linux)Linux
Vulnerabilities CVE-2016-5424,CVE-2016-5423 are fixed in PostgreSQL 9.5.4 (For Linux)Linux
Vulnerabilities CVE-2016-5424,CVE-2016-5423 are fixed in PostgreSQL 9.4.9 (For Linux)Linux
Vulnerabilities CVE-2016-5424,CVE-2016-5423 are fixed in PostgreSQL 9.3.14 (For Linux)Linux
Vulnerabilities CVE-2016-5424,CVE-2016-5423 are fixed in PostgreSQL 9.2.18 (For Linux)Linux
Vulnerabilities CVE-2016-5424,CVE-2016-5423 are fixed in PostgreSQL 9.1.23 (For Linux)Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234