CVE-2025-1094

Name

CVE-2025-1094

Description

Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the function result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when client_encoding is BIG5 and server_encoding is one of EUC_TW or MULE_INTERNAL. Versions before PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19 are affected.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

References

Type	URI
f86ef6dc-4d3a-42ad-8f28-e6d5547a5007	https://www.postgresql.org/support/security/CVE-2025-1094/
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2025/02/msg00015.html
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/02/16/3
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/02/20/1
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2025/02/msg00024.html
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20250221-0010/

Match rules

CPE URI	Source package	Min version	Max version
	postgresql	>= 17	< 17.3
	postgresql	>= 16	< 16.7
	postgresql	>= 15	< 15.11
	postgresql	>= 14	< 14.16
	postgresql	>= 0	< 13.19

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
postgresql17	edge-main	17.4-r0	Jakub Jirutka <jakub@jirutka.cz>	fixed
postgresql17	3.22-main	17.4-r0	None	fixed
postgresql17	3.21-main	17.4-r0	Jakub Jirutka <jakub@jirutka.cz>	fixed
postgresql16	edge-main	16.8-r0	Jakub Jirutka <jakub@jirutka.cz>	fixed
postgresql16	edge-community	16.8-r0	None	fixed
postgresql16	3.22-main	16.8-r0	None	fixed
postgresql16	3.21-main	16.8-r0	Jakub Jirutka <jakub@jirutka.cz>	fixed
postgresql16	3.20-main	16.8-r0	Jakub Jirutka <jakub@jirutka.cz>	fixed
postgresql16	3.19-main	16.8-r0	Jakub Jirutka <jakub@jirutka.cz>	fixed
postgresql15	edge-community	15.11-r0	Jakub Jirutka <jakub@jirutka.cz>	fixed
postgresql15	3.22-community	15.11-r0	None	fixed
postgresql15	3.21-community	15.11-r0	Jakub Jirutka <jakub@jirutka.cz>	fixed
postgresql15	3.20-main	15.11-r0	Jakub Jirutka <jakub@jirutka.cz>	fixed
postgresql15	3.19-main	15.11-r0	Jakub Jirutka <jakub@jirutka.cz>	fixed
postgresql15	3.18-main	15.11-r0	Jakub Jirutka <jakub@jirutka.cz>	fixed
postgresql14	3.18-main	14.17-r0	Jakub Jirutka <jakub@jirutka.cz>	fixed
postgresql	edge-main	14.1-r0	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
postgresql	edge-main	13.4-r0	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
postgresql	edge-main	13.3-r0	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
postgresql	edge-main	13.2-r0	None	possibly vulnerable
postgresql	edge-main	12.5-r0	None	possibly vulnerable
postgresql	edge-main	12.4-r0	None	possibly vulnerable
postgresql	edge-main	12.2-r0	None	possibly vulnerable
postgresql	edge-main	11.5-r0	None	possibly vulnerable
postgresql	edge-main	11.4-r0	None	possibly vulnerable
postgresql	edge-main	11.3-r0	None	possibly vulnerable
postgresql	edge-main	11.1-r0	None	possibly vulnerable
postgresql	edge-main	10.5-r0	None	possibly vulnerable
postgresql	edge-main	10.4-r0	None	possibly vulnerable
postgresql	edge-main	10.3-r0	None	possibly vulnerable
postgresql	edge-main	10.2-r0	None	possibly vulnerable
postgresql	edge-main	10.1-r0	None	possibly vulnerable
postgresql	edge-main	9.6.4-r0	None	possibly vulnerable
postgresql	edge-main	9.6.3-r0	None	possibly vulnerable