CVE-2009-2940 - The pygresql module 3.8.1 and 4.0 for Python does not properly support the PQescapeStringConn functi

CVE-2009-2940

Summary

The pygresql module 3.8.1 and 4.0 for Python does not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.

References

http://secunia.com/advisories/37046
http://secunia.com/advisories/37654
http://ubuntu.com/usn/usn-870-1
http://www.debian.org/security/2009/dsa-1911
http://www.osvdb.org/59028

Vulnerable Configurations

cpe:2.3:a:pygresql:pygresql:3.8.1:*:*:*:*:*:*:*
cpe:2.3:a:pygresql:pygresql:3.8.1:*:*:*:*:*:*:*
cpe:2.3:a:pygresql:pygresql:4.0:*:*:*:*:*:*:*
cpe:2.3:a:pygresql:pygresql:4.0:*:*:*:*:*:*:*
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 19-12-2009 - 06:57)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

debian	DSA-1911
osvdb	59028
secunia	37046 37654
ubuntu	USN-870-1

Last major update

19-12-2009 - 06:57

Published

22-10-2009 - 16:30

Last modified

19-12-2009 - 06:57