CVE-2019-10208

Description

A flaw was discovered in PostgreSQL versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5, where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker with EXECUTE permission on the function can execute arbitrary SQL as the owner of the function.

Risk Information

Base Score: 8.8 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 0.188

Associated Vulnerability

Vulnerability | OS Platform
Update Postgresql 10.10 fixes multiple vulnerabilities. | Windows
Update Postgresql 11.5 fixes multiple vulnerabilities | Windows
Update Postgresql 9.4.24 fixes multiple vulnerabilities | Windows
Update Postgresql 9.5.19 fixes multiple vulnerabilities | Windows
Update Postgresql 9.6.15 fixes multiple vulnerabilities | Windows
Vulnerabilities CVE-2019-10211,CVE-2019-10210,CVE-2019-10209,CVE-2019-10208 are fixed in PostgreSQL 11.5 | Windows
Vulnerabilities CVE-2019-10211,CVE-2019-10210,CVE-2019-10208 are fixed in PostgreSQL 10.10 | Windows
Vulnerabilities CVE-2019-10211,CVE-2019-10210,CVE-2019-10208 are fixed in PostgreSQL 9.6.15 | Windows
Vulnerabilities CVE-2019-10211,CVE-2019-10210,CVE-2019-10208 are fixed in PostgreSQL 9.5.19 | Windows
Vulnerabilities CVE-2019-10211,CVE-2019-10210,CVE-2019-10208 are fixed in PostgreSQL 9.4.24 | Windows
postgresql-11 security update (DSA-4493-1) postgresql-11_11.5-1+deb10u1_amd64.deb | Linux
Object-relational SQL database (USN-4090-1) postgresql-10_10.10-0ubuntu0.18.04.1_i386.deb | Linux
Object-relational SQL database (USN-4090-1) postgresql-10_10.10-0ubuntu0.18.04.1_amd64.deb | Linux
Object-relational SQL database (USN-4090-1) postgresql-11_11.5-0ubuntu0.19.04.1_i386.deb | Linux
Object-relational SQL database (USN-4090-1) postgresql-11_11.5-0ubuntu0.19.04.1_amd64.deb | Linux
Object-relational SQL database (USN-4090-1) postgresql-9.5_9.5.19-0ubuntu0.16.04.1_i386.deb | Linux
Object-relational SQL database (USN-4090-1) postgresql-9.5_9.5.19-0ubuntu0.16.04.1_amd64.deb | Linux
Update Postgresql 10.10 fixes multiple vulnerabilities. (For Linux) | Linux
Update Postgresql 11.5 fixes multiple vulnerabilities (For Linux) | Linux
Update Postgresql 9.4.24 fixes multiple vulnerabilities (For Linux) | Linux
Update Postgresql 9.5.19 fixes multiple vulnerabilities (For Linux) | Linux
Update Postgresql 9.6.15 fixes multiple vulnerabilities (For Linux) | Linux
(RHSA-2020:5619) postgresql:9.6 security update postgresql-9.6.20-1.module+el8.3.0+8938+7f0e88b6.x86_64.rpm | Linux
(RHSA-2020:5619) postgresql:9.6 security update postgresql-contrib-9.6.20-1.module+el8.3.0+8938+7f0e88b6.x86_64.rpm | Linux
(RHSA-2020:5619) postgresql:9.6 security update postgresql-debugsource-9.6.20-1.module+el8.3.0+8938+7f0e88b6.x86_64.rpm | Linux
(RHSA-2020:5619) postgresql:9.6 security update postgresql-docs-9.6.20-1.module+el8.3.0+8938+7f0e88b6.x86_64.rpm | Linux
(RHSA-2020:5619) postgresql:9.6 security update postgresql-plperl-9.6.20-1.module+el8.3.0+8938+7f0e88b6.x86_64.rpm | Linux
(RHSA-2020:5619) postgresql:9.6 security update postgresql-plpython3-9.6.20-1.module+el8.3.0+8938+7f0e88b6.x86_64.rpm | Linux
(RHSA-2020:5619) postgresql:9.6 security update postgresql-pltcl-9.6.20-1.module+el8.3.0+8938+7f0e88b6.x86_64.rpm | Linux
(RHSA-2020:5619) postgresql:9.6 security update postgresql-server-9.6.20-1.module+el8.3.0+8938+7f0e88b6.x86_64.rpm | Linux
(RHSA-2020:5619) postgresql:9.6 security update postgresql-server-devel-9.6.20-1.module+el8.3.0+8938+7f0e88b6.x86_64.rpm | Linux
(RHSA-2020:5619) postgresql:9.6 security update postgresql-static-9.6.20-1.module+el8.3.0+8938+7f0e88b6.x86_64.rpm | Linux
(RHSA-2020:5619) postgresql:9.6 security update postgresql-test-9.6.20-1.module+el8.3.0+8938+7f0e88b6.x86_64.rpm | Linux
(RHSA-2020:5619) postgresql:9.6 security update postgresql-test-rpm-macros-9.6.20-1.module+el8.3.0+8938+7f0e88b6.x86_64.rpm | Linux
Postgresql update (ELSA-2020-5619-1) postgresql-9.6.20-1.module+el8.3.0+9604+f0f52296.x86_64.rpm | Linux
Postgresql-contrib update (ELSA-2020-5619-1) postgresql-contrib-9.6.20-1.module+el8.3.0+9604+f0f52296.x86_64.rpm | Linux
Postgresql-docs update (ELSA-2020-5619-1) postgresql-docs-9.6.20-1.module+el8.3.0+9604+f0f52296.x86_64.rpm | Linux
Postgresql-plperl update (ELSA-2020-5619-1) postgresql-plperl-9.6.20-1.module+el8.3.0+9604+f0f52296.x86_64.rpm | Linux
Postgresql-plpython3 update (ELSA-2020-5619-1) postgresql-plpython3-9.6.20-1.module+el8.3.0+9604+f0f52296.x86_64.rpm | Linux
Postgresql-pltcl update (ELSA-2020-5619-1) postgresql-pltcl-9.6.20-1.module+el8.3.0+9604+f0f52296.x86_64.rpm | Linux
Postgresql-server update (ELSA-2020-5619-1) postgresql-server-9.6.20-1.module+el8.3.0+9604+f0f52296.x86_64.rpm | Linux
Postgresql-server-devel update (ELSA-2020-5619-1) postgresql-server-devel-9.6.20-1.module+el8.3.0+9604+f0f52296.x86_64.rpm | Linux
Postgresql-static update (ELSA-2020-5619-1) postgresql-static-9.6.20-1.module+el8.3.0+9604+f0f52296.x86_64.rpm | Linux
Postgresql-test update (ELSA-2020-5619-1) postgresql-test-9.6.20-1.module+el8.3.0+9604+f0f52296.x86_64.rpm | Linux
Postgresql-test-rpm-macros update (ELSA-2020-5619-1) postgresql-test-rpm-macros-9.6.20-1.module+el8.3.0+9604+f0f52296.x86_64.rpm | Linux
(RHSA-2021:1512) postgresql security update postgresql-9.2.24-6.el7_9.i686.rpm | Linux
(RHSA-2021:1512) postgresql security update postgresql-9.2.24-6.el7_9.x86_64.rpm | Linux
(RHSA-2021:1512) postgresql security update postgresql-contrib-9.2.24-6.el7_9.x86_64.rpm | Linux
(RHSA-2021:1512) postgresql security update postgresql-devel-9.2.24-6.el7_9.i686.rpm | Linux
(RHSA-2021:1512) postgresql security update postgresql-devel-9.2.24-6.el7_9.x86_64.rpm | Linux
(RHSA-2021:1512) postgresql security update postgresql-docs-9.2.24-6.el7_9.x86_64.rpm | Linux
(RHSA-2021:1512) postgresql security update postgresql-libs-9.2.24-6.el7_9.i686.rpm | Linux
(RHSA-2021:1512) postgresql security update postgresql-libs-9.2.24-6.el7_9.x86_64.rpm | Linux
(RHSA-2021:1512) postgresql security update postgresql-plperl-9.2.24-6.el7_9.x86_64.rpm | Linux
(RHSA-2021:1512) postgresql security update postgresql-plpython-9.2.24-6.el7_9.x86_64.rpm | Linux
(RHSA-2021:1512) postgresql security update postgresql-pltcl-9.2.24-6.el7_9.x86_64.rpm | Linux
(RHSA-2021:1512) postgresql security update postgresql-server-9.2.24-6.el7_9.x86_64.rpm | Linux
(RHSA-2021:1512) postgresql security update postgresql-static-9.2.24-6.el7_9.i686.rpm | Linux
(RHSA-2021:1512) postgresql security update postgresql-static-9.2.24-6.el7_9.x86_64.rpm | Linux
(RHSA-2021:1512) postgresql security update postgresql-test-9.2.24-6.el7_9.x86_64.rpm | Linux
(RHSA-2021:1512) postgresql security update postgresql-upgrade-9.2.24-6.el7_9.x86_64.rpm | Linux
Postgresql update (ELSA-2021-1512) postgresql-9.2.24-6.el7_9.i686.rpm | Linux
Postgresql update (ELSA-2021-1512) postgresql-9.2.24-6.el7_9.x86_64.rpm | Linux
Postgresql-contrib update (ELSA-2021-1512) postgresql-contrib-9.2.24-6.el7_9.x86_64.rpm | Linux
Postgresql-devel update (ELSA-2021-1512) postgresql-devel-9.2.24-6.el7_9.i686.rpm | Linux
Postgresql-devel update (ELSA-2021-1512) postgresql-devel-9.2.24-6.el7_9.x86_64.rpm | Linux
Postgresql-docs update (ELSA-2021-1512) postgresql-docs-9.2.24-6.el7_9.x86_64.rpm | Linux
Postgresql-libs update (ELSA-2021-1512) postgresql-libs-9.2.24-6.el7_9.i686.rpm | Linux
Postgresql-libs update (ELSA-2021-1512) postgresql-libs-9.2.24-6.el7_9.x86_64.rpm | Linux
Postgresql-plperl update (ELSA-2021-1512) postgresql-plperl-9.2.24-6.el7_9.x86_64.rpm | Linux
Postgresql-plpython update (ELSA-2021-1512) postgresql-plpython-9.2.24-6.el7_9.x86_64.rpm | Linux
Postgresql-pltcl update (ELSA-2021-1512) postgresql-pltcl-9.2.24-6.el7_9.x86_64.rpm | Linux
Postgresql-server update (ELSA-2021-1512) postgresql-server-9.2.24-6.el7_9.x86_64.rpm | Linux
Postgresql-test update (ELSA-2021-1512) postgresql-test-9.2.24-6.el7_9.x86_64.rpm | Linux
Rh-postgresql10-postgresql update (ELSA-2021-9290) rh-postgresql10-postgresql-10.15-1.el7.x86_64.rpm | Linux
Rh-postgresql10-postgresql-contrib update (ELSA-2021-9290) rh-postgresql10-postgresql-contrib-10.15-1.el7.x86_64.rpm | Linux
Rh-postgresql10-postgresql-contrib-syspaths update (ELSA-2021-9290) rh-postgresql10-postgresql-contrib-syspaths-10.15-1.el7.x86_64.rpm | Linux
Rh-postgresql10-postgresql-devel update (ELSA-2021-9290) rh-postgresql10-postgresql-devel-10.15-1.el7.x86_64.rpm | Linux
Rh-postgresql10-postgresql-docs update (ELSA-2021-9290) rh-postgresql10-postgresql-docs-10.15-1.el7.x86_64.rpm | Linux
Rh-postgresql10-postgresql-libs update (ELSA-2021-9290) rh-postgresql10-postgresql-libs-10.15-1.el7.x86_64.rpm | Linux
Rh-postgresql10-postgresql-plperl update (ELSA-2021-9290) rh-postgresql10-postgresql-plperl-10.15-1.el7.x86_64.rpm | Linux
Rh-postgresql10-postgresql-plpython update (ELSA-2021-9290) rh-postgresql10-postgresql-plpython-10.15-1.el7.x86_64.rpm | Linux
Rh-postgresql10-postgresql-pltcl update (ELSA-2021-9290) rh-postgresql10-postgresql-pltcl-10.15-1.el7.x86_64.rpm | Linux
Rh-postgresql10-postgresql-server update (ELSA-2021-9290) rh-postgresql10-postgresql-server-10.15-1.el7.x86_64.rpm | Linux
Rh-postgresql10-postgresql-server-syspaths update (ELSA-2021-9290) rh-postgresql10-postgresql-server-syspaths-10.15-1.el7.x86_64.rpm | Linux
Rh-postgresql10-postgresql-static update (ELSA-2021-9290) rh-postgresql10-postgresql-static-10.15-1.el7.x86_64.rpm | Linux
Rh-postgresql10-postgresql-syspaths update (ELSA-2021-9290) rh-postgresql10-postgresql-syspaths-10.15-1.el7.x86_64.rpm | Linux
Rh-postgresql10-postgresql-test update (ELSA-2021-9290) rh-postgresql10-postgresql-test-10.15-1.el7.x86_64.rpm | Linux
Vulnerabilities CVE-2019-10211,CVE-2019-10210,CVE-2019-10209,CVE-2019-10208 are fixed in PostgreSQL 11.5 (For Linux) | Linux
Vulnerabilities CVE-2019-10211,CVE-2019-10210,CVE-2019-10208 are fixed in PostgreSQL 10.10 (For Linux) | Linux
Vulnerabilities CVE-2019-10211,CVE-2019-10210,CVE-2019-10208 are fixed in PostgreSQL 9.6.15 (For Linux) | Linux
Vulnerabilities CVE-2019-10211,CVE-2019-10210,CVE-2019-10208 are fixed in PostgreSQL 9.5.19 (For Linux) | Linux
Vulnerabilities CVE-2019-10211,CVE-2019-10210,CVE-2019-10208 are fixed in PostgreSQL 9.4.24 (For Linux) | Linux
Postgresql-server update (ELSA-2024-10882) postgresql-server-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux
Postgresql-pltcl update (ELSA-2024-10882) postgresql-pltcl-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux
Postgresql-plpython update (ELSA-2024-10882) postgresql-plpython-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux
Postgresql-plperl update (ELSA-2024-10882) postgresql-plperl-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux
Postgresql-libs update (ELSA-2024-10882) postgresql-libs-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux
Postgresql-libs update (ELSA-2024-10882) postgresql-libs-9.2.24-9.0.3.el7_9.i686.rpm | Linux
Postgresql-docs update (ELSA-2024-10882) postgresql-docs-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux
Postgresql-devel update (ELSA-2024-10882) postgresql-devel-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux
Postgresql-devel update (ELSA-2024-10882) postgresql-devel-9.2.24-9.0.3.el7_9.i686.rpm | Linux
Postgresql-contrib update (ELSA-2024-10882) postgresql-contrib-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux
Postgresql update (ELSA-2024-10882) postgresql-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux
Postgresql update (ELSA-2024-10882) postgresql-9.2.24-9.0.3.el7_9.i686.rpm | Linux
Postgresql-test update (ELSA-2024-10882) postgresql-test-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux
Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability (CVE-2019-10208) | NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234