Home

CVE-2018-16850

Description

postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges.

Risk Information

Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
1.317

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2018-16850 are fixed in PostgreSQL 11.1Windows
Vulnerabilities CVE-2018-16850 are fixed in PostgreSQL 10.6Windows
Object-relational SQL database (USN-3818-1) postgresql-10_10.6-0ubuntu0.18.04.1_i386.debLinux
Object-relational SQL database (USN-3818-1) postgresql-10_10.6-0ubuntu0.18.04.1_amd64.debLinux
Object-relational SQL database (USN-3818-1) postgresql-10_10.6-0ubuntu0.18.10.1_i386.debLinux
Object-relational SQL database (USN-3818-1) postgresql-10_10.6-0ubuntu0.18.10.1_amd64.debLinux
SUSE-SU-2018:3770-1(SUSE Linux Enterprise Desktop 12-SP3 ) libecpg6-10.6-1.6.1.x86_64.rpmLinux
SUSE-SU-2018:3770-1(SUSE Linux Enterprise Desktop 12-SP3 ) libecpg6-debuginfo-10.6-1.6.1.x86_64.rpmLinux
SUSE-SU-2018:3770-1(SUSE Linux Enterprise Desktop 12-SP3 ) libpq5-10.6-1.6.1.x86_64.rpmLinux
SUSE-SU-2018:3770-1(SUSE Linux Enterprise Desktop 12-SP3 ) libpq5-32bit-10.6-1.6.1.x86_64.rpmLinux
SUSE-SU-2018:3770-1(SUSE Linux Enterprise Desktop 12-SP3 ) libpq5-debuginfo-10.6-1.6.1.x86_64.rpmLinux
SUSE-SU-2018:3770-1(SUSE Linux Enterprise Desktop 12-SP3 ) libpq5-debuginfo-32bit-10.6-1.6.1.x86_64.rpmLinux
SUSE-SU-2018:3770-1(SUSE Linux Enterprise Desktop 12-SP3 ) postgresql10-10.6-1.6.1.x86_64.rpmLinux
SUSE-SU-2018:3770-1(SUSE Linux Enterprise Desktop 12-SP3 ) postgresql10-debuginfo-10.6-1.6.1.x86_64.rpmLinux
SUSE-SU-2018:3770-1(SUSE Linux Enterprise Desktop 12-SP3 ) postgresql10-debugsource-10.6-1.6.1.x86_64.rpmLinux
SUSE-SU-2018:3770-1(SUSE Linux Enterprise Desktop 12-SP3 ) postgresql10-libs-debugsource-10.6-1.6.1.x86_64.rpmLinux
SUSE-SU-2018:3770-1(SUSE Linux Enterprise Server 12-SP3 ) postgresql10-contrib-10.6-1.6.1.x86_64.rpmLinux
SUSE-SU-2018:3770-1(SUSE Linux Enterprise Server 12-SP3 ) postgresql10-contrib-debuginfo-10.6-1.6.1.x86_64.rpmLinux
SUSE-SU-2018:3770-1(SUSE Linux Enterprise Server 12-SP3 ) postgresql10-docs-10.6-1.6.1.noarch.rpmLinux
SUSE-SU-2018:3770-1(SUSE Linux Enterprise Server 12-SP3 ) postgresql10-server-10.6-1.6.1.x86_64.rpmLinux
SUSE-SU-2018:3770-1(SUSE Linux Enterprise Server 12-SP3 ) postgresql10-server-debuginfo-10.6-1.6.1.x86_64.rpmLinux
SUSE-SU-2018:3770-2(SUSE Linux Enterprise Desktop 12-SP4 ) libecpg6-10.6-1.6.1.x86_64.rpmLinux
SUSE-SU-2018:3770-2(SUSE Linux Enterprise Desktop 12-SP4 ) libecpg6-debuginfo-10.6-1.6.1.x86_64.rpmLinux
SUSE-SU-2018:3770-2(SUSE Linux Enterprise Desktop 12-SP4 ) libpq5-10.6-1.6.1.x86_64.rpmLinux
SUSE-SU-2018:3770-2(SUSE Linux Enterprise Desktop 12-SP4 ) libpq5-32bit-10.6-1.6.1.x86_64.rpmLinux
SUSE-SU-2018:3770-2(SUSE Linux Enterprise Desktop 12-SP4 ) libpq5-debuginfo-10.6-1.6.1.x86_64.rpmLinux
SUSE-SU-2018:3770-2(SUSE Linux Enterprise Desktop 12-SP4 ) libpq5-debuginfo-32bit-10.6-1.6.1.x86_64.rpmLinux
SUSE-SU-2018:3770-2(SUSE Linux Enterprise Desktop 12-SP4 ) postgresql10-10.6-1.6.1.x86_64.rpmLinux
SUSE-SU-2018:3770-2(SUSE Linux Enterprise Desktop 12-SP4 ) postgresql10-debuginfo-10.6-1.6.1.x86_64.rpmLinux
SUSE-SU-2018:3770-2(SUSE Linux Enterprise Desktop 12-SP4 ) postgresql10-debugsource-10.6-1.6.1.x86_64.rpmLinux
SUSE-SU-2018:3770-2(SUSE Linux Enterprise Desktop 12-SP4 ) postgresql10-libs-debugsource-10.6-1.6.1.x86_64.rpmLinux
SUSE-SU-2018:3770-2(SUSE Linux Enterprise Server 12-SP4 ) postgresql10-contrib-10.6-1.6.1.x86_64.rpmLinux
SUSE-SU-2018:3770-2(SUSE Linux Enterprise Server 12-SP4 ) postgresql10-contrib-debuginfo-10.6-1.6.1.x86_64.rpmLinux
SUSE-SU-2018:3770-2(SUSE Linux Enterprise Server 12-SP4 ) postgresql10-docs-10.6-1.6.1.noarch.rpmLinux
SUSE-SU-2018:3770-2(SUSE Linux Enterprise Server 12-SP4 ) postgresql10-server-10.6-1.6.1.x86_64.rpmLinux
SUSE-SU-2018:3770-2(SUSE Linux Enterprise Server 12-SP4 ) postgresql10-server-debuginfo-10.6-1.6.1.x86_64.rpmLinux
Vulnerabilities CVE-2018-16850 are fixed in PostgreSQL 11.1 (For Linux)Linux
Vulnerabilities CVE-2018-16850 are fixed in PostgreSQL 10.6 (For Linux)Linux
Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability (CVE-2018-16850)NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234