CVE-2018-1058

Name
CVE-2018-1058
Description
A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected.
NVD Severity
high
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Vendor Advisory https://www.postgresql.org/about/news/1834/
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1547044
Third Party Advisory http://www.securityfocus.com/bid/103221
Third Party Advisory https://usn.ubuntu.com/3589-1/
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2511
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2566
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:3816

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* postgresql >= 9.3 <= 10.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status