CVE-2017-7547
Vulnerability from cvelistv5
Published
2017-08-16 18:00
Modified
2024-09-16 23:41
Severity ?
Summary
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so.
References
secalert@redhat.comhttp://www.debian.org/security/2017/dsa-3935
secalert@redhat.comhttp://www.debian.org/security/2017/dsa-3936
secalert@redhat.comhttp://www.securityfocus.com/bid/100275Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securitytracker.com/id/1039142Third Party Advisory, VDB Entry
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2017:2677
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2017:2678
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2017:2728
secalert@redhat.comhttps://security.gentoo.org/glsa/201710-06
secalert@redhat.comhttps://www.postgresql.org/about/news/1772/Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-3935
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-3936
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/100275Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1039142Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2677
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2678
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2728
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201710-06
af854a3a-2127-422b-91ae-364da2661108https://www.postgresql.org/about/news/1772/Mitigation, Vendor Advisory
Impacted products
Vendor Product Version
PostgreSQL postgresql Version: 9.2.x before 9.2.22
Version: 9.3.x before 9.3.18
Version: 9.4.x before 9.4.13
Version: 9.5.x before 9.5.8
Version: 9.6.x before 9.6.4
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T16:04:11.996Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2017:2728",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2017:2728",
               },
               {
                  name: "DSA-3936",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2017/dsa-3936",
               },
               {
                  name: "RHSA-2017:2678",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2017:2678",
               },
               {
                  name: "DSA-3935",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2017/dsa-3935",
               },
               {
                  name: "1039142",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1039142",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.postgresql.org/about/news/1772/",
               },
               {
                  name: "GLSA-201710-06",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201710-06",
               },
               {
                  name: "100275",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/100275",
               },
               {
                  name: "RHSA-2017:2677",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2017:2677",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "postgresql",
               vendor: "PostgreSQL",
               versions: [
                  {
                     status: "affected",
                     version: "9.2.x before 9.2.22",
                  },
                  {
                     status: "affected",
                     version: "9.3.x before 9.3.18",
                  },
                  {
                     status: "affected",
                     version: "9.4.x before 9.4.13",
                  },
                  {
                     status: "affected",
                     version: "9.5.x before 9.5.8",
                  },
                  {
                     status: "affected",
                     version: "9.6.x before 9.6.4",
                  },
               ],
            },
         ],
         datePublic: "2017-08-10T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-522",
                     description: "CWE-522",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-12-30T10:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2017:2728",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2017:2728",
            },
            {
               name: "DSA-3936",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2017/dsa-3936",
            },
            {
               name: "RHSA-2017:2678",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2017:2678",
            },
            {
               name: "DSA-3935",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2017/dsa-3935",
            },
            {
               name: "1039142",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1039142",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.postgresql.org/about/news/1772/",
            },
            {
               name: "GLSA-201710-06",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201710-06",
            },
            {
               name: "100275",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/100275",
            },
            {
               name: "RHSA-2017:2677",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2017:2677",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               DATE_PUBLIC: "2017-08-10T00:00:00",
               ID: "CVE-2017-7547",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "postgresql",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "9.2.x before 9.2.22",
                                       },
                                       {
                                          version_value: "9.3.x before 9.3.18",
                                       },
                                       {
                                          version_value: "9.4.x before 9.4.13",
                                       },
                                       {
                                          version_value: "9.5.x before 9.5.8",
                                       },
                                       {
                                          version_value: "9.6.x before 9.6.4",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "PostgreSQL",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-522",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "RHSA-2017:2728",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2017:2728",
                  },
                  {
                     name: "DSA-3936",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2017/dsa-3936",
                  },
                  {
                     name: "RHSA-2017:2678",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2017:2678",
                  },
                  {
                     name: "DSA-3935",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2017/dsa-3935",
                  },
                  {
                     name: "1039142",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1039142",
                  },
                  {
                     name: "https://www.postgresql.org/about/news/1772/",
                     refsource: "CONFIRM",
                     url: "https://www.postgresql.org/about/news/1772/",
                  },
                  {
                     name: "GLSA-201710-06",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201710-06",
                  },
                  {
                     name: "100275",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/100275",
                  },
                  {
                     name: "RHSA-2017:2677",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2017:2677",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2017-7547",
      datePublished: "2017-08-16T18:00:00Z",
      dateReserved: "2017-04-05T00:00:00",
      dateUpdated: "2024-09-16T23:41:38.650Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      nvd: "{\"cve\":{\"id\":\"CVE-2017-7547\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2017-08-16T18:29:00.257\",\"lastModified\":\"2024-11-21T03:32:08.430\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so.\"},{\"lang\":\"es\",\"value\":\"PostgreSQL en sus versiones anteriores a 9.2.22, 9.3.18, 9.4.13, 9.5.8 y 9.6.4 es vulnerable a un fallo de autorización que permite que los atacantes remotos autenticados recuperen contraseñas de los mapeos de usuarios definidos por los propietarios del servidor extranjero sin tener privilegios para ello.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:N/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-522\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD27648F-E2FF-4779-97F9-2632DCC6B16D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEFB4916-8B59-4534-804C-CF9DA1B18508\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3413A3AB-45A3-48E1-9B30-1194C4E7D49D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5760CE83-4802-42A0-9338-E1E634882450\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B41009E-4028-4D82-B8D0-8B949EDC0A68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"832F3EBE-A92C-4FB3-BF3C-0E7B750F966B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1571EE80-55A6-4F91-909B-C46BA19EC76F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2848E3BC-293A-4A75-BEB7-C2F1637AD3E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ADC9133E-94FC-4199-BD69-BBB46CF3799F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.2.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"200172CE-40AB-49E3-93D1-9947E3CBFFF8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.2.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E90B21A9-19A7-4DCB-A2FE-C558CCB6BBB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.2.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"924D1F84-EC50-44C3-A156-DC8E3A5E3909\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.2.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A5EAF3B-B148-4B57-8E4E-0B5365003DFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.2.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5CE8DB4-CD97-4F60-9080-9FB093BD60CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.2.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B5AA780-4378-4959-9256-510C65E6E5B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.2.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74C9EB31-5D8E-4583-BC95-700F53854964\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.2.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3700FF66-108C-47C2-B4C2-1CB0B5575EDA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.2.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"239F26B4-CFB2-4D7A-939E-0215A336A490\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.2.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C32070D-D751-4D3E-9457-5B1D1C551E70\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.2.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BADABD34-25A1-46D3-AEFB-249E912A723A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.2.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C53E81C9-5693-4929-BC19-DEBAEF686E0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.2.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52B92B02-44DD-40D4-94F7-A3EE4621D854\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B890251-95EB-44F3-A6A7-F718F3C807B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2E5BD02-8C3D-4687-88DE-1C00366270E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"709F5DF9-9F3A-42C3-890B-521B13118C0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"14D85A34-C897-4E52-8F97-18CA51C5461A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A40DAD2B-A6D4-43D8-B282-A3C672356D6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC2FE391-9414-480E-A9B1-CF70280E315E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55B6A4ED-FA3B-4251-BF82-755F95277CF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.3.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7142DF3-124D-43D7-ADD9-70F4F7298557\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.3.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"28DEA438-A0ED-49DC-AE51-4E9D8D4B6E7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.3.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"810B184F-6FB8-48D8-A569-F47BA43C4862\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.3.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"064BF155-7E2D-47B9-BD2B-C6E9FC06F5FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.3.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"676A81BD-7EEE-4770-B9AC-451B09844D6C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.3.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"30F23D38-BDD6-48E6-A6B2-29CD962EED99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.3.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"89833234-3890-4E2E-8FCF-09925D83ED67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.3.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8F3ACC3-CB15-47E3-A511-E1D1F75E797F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.3.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F6FD785-7C9F-4302-B7ED-93CA04473ACE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.3.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC1BA72C-3A6E-450B-A3DE-3898DEAA9225\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.3.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FB6018C-3FC5-4D4E-BA7C-07C0A3B47976\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77D1323D-3096-4D0F-823A-ECAC9017646D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A587AF3-5E70-4455-8621-DFD048207DE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"526AFF26-B3EC-41C3-AC4C-85BFA3F99AC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"89D2CAB7-C3D9-4F21-B902-2E498D00EFEB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88797795-8B1C-455F-8C52-6169B2E47D53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DBDE0CC8-F1DF-4723-8FCB-9A33EA8B12D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"90F13667-019B-49DF-929C-3D376FCDE6E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9E20AA3-C0D3-492C-AF3B-9F61550E6983\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"251C78CA-EEC0-49A8-A3D2-3C86D16CCB7F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.4.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB443A75-2466-4164-A71B-9203933CB0D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.4.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B02839D4-EE7D-4D42-8934-322E46B643D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.4.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1BAE807-A21F-4980-B64E-911F5E9B16BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.4.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46ED9A2E-8169-4470-AE61-54829B11BDAB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FF7FC5B-C9E3-4109-B3D6-9AC06F75DCB3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.5.1.:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2DF5BA0-6D8E-416E-B441-1A2D8624FD54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EF74623-EF0E-455D-ADEB-9E336B539D86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FACD7AB7-34E9-4DFC-A788-7B9BF745D780\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8E8AEBB-9968-458D-8EE4-2725BBE1A53F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7ECC17E6-C5FF-4B63-807A-26E5E6932C5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.5.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7DB72357-B16D-488A-995C-2703CCEC1D8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.5.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9671475-BC67-436F-B2B1-5128347B3C64\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7040466B-2A7D-4E75-8E4F-FA70D4A7E014\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"44887DE9-506B-46E3-922C-7B3C14B0AF33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1250F15-7A05-452A-8958-3B1B32B326E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:9.6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A18FEF31-B528-46A8-AAA8-63B30D5A10EC\"}]}]}],\"references\":[{\"url\":\"http://www.debian.org/security/2017/dsa-3935\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.debian.org/security/2017/dsa-3936\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/100275\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039142\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2677\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2678\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2728\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://security.gentoo.org/glsa/201710-06\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://www.postgresql.org/about/news/1772/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2017/dsa-3935\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2017/dsa-3936\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/100275\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039142\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2677\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2678\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2728\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201710-06\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.postgresql.org/about/news/1772/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]}]}}",
   },
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.