CVE-2018-10915

Published: 09/08/2018 Updated: 17/08/2020
CVSS v2 Base Score: 6 | Impact Score: 6.4 | Exploitability Score: 6.8
CVSS v3 Base Score: 7.5 | Impact Score: 5.9 | Exploitability Score: 1.6
VMScore: 534
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Vulnerability Summary

A vulnerability was found in libpq, the default PostgreSQL client library, where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters taken from untrusted input, attackers could bypass client-side connection security features, obtain access to higher-privileged connections, or potentially cause other impact through SQL injection by causing the PQescape() functions to malfunction. PostgreSQL versions prior to 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 are affected.



Vulnerable Products

redhat enterprise linux server 7.0

redhat enterprise linux workstation 7.0

redhat virtualization 4.0

redhat openstack 13.0

redhat enterprise linux server eus 7.5

redhat enterprise linux desktop 7.0

redhat openstack 12.0

canonical ubuntu linux 16.04

canonical ubuntu linux 14.04

canonical ubuntu linux 18.04

debian debian linux 9.0

debian debian linux 8.0

postgresql postgresql

Vendor Advisories

Synopsis: Important: postgresql security update. Type/Severity: Security Advisory: Important. Topic: An update for postgresql is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base ...
Synopsis: Important: rh-postgresql10-postgresql security update. Type/Severity: Security Advisory: Important. Topic: An update for rh-postgresql10-postgresql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnera ...
Synopsis: Important: CloudForms 4.6.6 security, bug fix and enhancement update. Type/Severity: Security Advisory: Important. Topic: An update is now available for CloudForms Management Engine 5.9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scori ...
Synopsis: Important: rhvm-appliance security update. Type/Severity: Security Advisory: Important. Topic: An update for rhvm-appliance is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vuln ...
Two vulnerabilities have been found in the PostgreSQL database system: CVE-2018-10915: Andrew Krasichkov discovered that libpq did not reset all its connection state during reconnects. CVE-2018-10925: It was discovered that some CREATE TABLE statements could disclose server memory. For additional information please refer to the upst ...
Synopsis: Important: rh-postgresql95-postgresql security update. Type/Severity: Security Advisory: Important. Topic: An update for rh-postgresql95-postgresql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnera ...
A vulnerability was found in libpq, the default PostgreSQL client library, where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to highe ...
Synopsis: Important: rh-postgresql96-postgresql security update. Type/Severity: Security Advisory: Important. Topic: An update for rh-postgresql96-postgresql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnera ...
Synopsis: Moderate: Red Hat Enterprise Linux OpenStack Platform security update. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Red Hat OpenStack Platform 13.0 (Queens). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerabilit ...
Synopsis: Moderate: Red Hat Enterprise Linux OpenStack Platform security update. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Red Hat OpenStack Platform 12.0 (Pike). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability ...
The PostgreSQL Global Development Group has released an update to all supported versions of our database system, including 10.5, 9.6.10, 9.5.14, 9.4.19, 9.3.24. This release fixes two security issues as well as bugs reported over the last three months ...
Oracle Linux Bulletin - July 2018. Description: The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin. Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are released ...
IBM Security Access Manager Appliance has addressed the following vulnerabilities ...
IBM has announced a release for IBM Security Identity Governance and Intelligence (IGI) in response to multiple security vulnerabilities. There are multiple vulnerability fixes to open source libraries distributed with IGI, other less secure algorithms for crypto, XSS attacks and clickjacking attacks ...