Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2009-2943

The postgresql-ocaml bindings 1.5.4, 1.7.0, and 1.12.1 for PostgreSQL libpq do not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.

Published

2009-10-22T16:30:00.297

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ocaml	postgresql-ocaml	1.5.4	Yes
Application	ocaml	postgresql-ocaml	1.7.0	Yes
Application	ocaml	postgresql-ocaml	1.12.1	Yes
Application	postgresql	postgresql	*	No

References

http://secunia.com/advisories/37048 Vendor Advisory ([email protected])
http://www.debian.org/security/2009/dsa-1909 Patch ([email protected])
http://www.osvdb.org/59029 ([email protected])
http://secunia.com/advisories/37048 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2009/dsa-1909 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/59029 (af854a3a-2127-422b-91ae-364da2661108)