PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain sensitive memory information, or possibly execute arbitrary code via (1) a CASE expression within the test value subexpression of another CASE or (2) inlining of an SQL function that implements the equality operator used for a CASE expression involving values of different types.
2016-12-09T23:59:00.160
2025-04-12T10:46:40.837
Deferred
CVSSv3.0: 8.3 (HIGH)
AV:N/AC:L/Au:S/C:P/I:P/A:P
8.0
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | debian | debian_linux | 8.0 | Yes |
| Application | postgresql | postgresql | ≤ 9.1.22 | Yes |
| Application | postgresql | postgresql | 9.2 | Yes |
| Application | postgresql | postgresql | 9.2.1 | Yes |
| Application | postgresql | postgresql | 9.2.2 | Yes |
| Application | postgresql | postgresql | 9.2.3 | Yes |
| Application | postgresql | postgresql | 9.2.4 | Yes |
| Application | postgresql | postgresql | 9.2.5 | Yes |
| Application | postgresql | postgresql | 9.2.6 | Yes |
| Application | postgresql | postgresql | 9.2.7 | Yes |
| Application | postgresql | postgresql | 9.2.8 | Yes |
| Application | postgresql | postgresql | 9.2.9 | Yes |
| Application | postgresql | postgresql | 9.2.10 | Yes |
| Application | postgresql | postgresql | 9.2.11 | Yes |
| Application | postgresql | postgresql | 9.2.12 | Yes |
| Application | postgresql | postgresql | 9.2.13 | Yes |
| Application | postgresql | postgresql | 9.2.14 | Yes |
| Application | postgresql | postgresql | 9.2.15 | Yes |
| Application | postgresql | postgresql | 9.2.16 | Yes |
| Application | postgresql | postgresql | 9.2.17 | Yes |
| Application | postgresql | postgresql | 9.3 | Yes |
| Application | postgresql | postgresql | 9.3.1 | Yes |
| Application | postgresql | postgresql | 9.3.2 | Yes |
| Application | postgresql | postgresql | 9.3.3 | Yes |
| Application | postgresql | postgresql | 9.3.4 | Yes |
| Application | postgresql | postgresql | 9.3.5 | Yes |
| Application | postgresql | postgresql | 9.3.6 | Yes |
| Application | postgresql | postgresql | 9.3.7 | Yes |
| Application | postgresql | postgresql | 9.3.8 | Yes |
| Application | postgresql | postgresql | 9.3.9 | Yes |
| Application | postgresql | postgresql | 9.3.10 | Yes |
| Application | postgresql | postgresql | 9.3.11 | Yes |
| Application | postgresql | postgresql | 9.3.12 | Yes |
| Application | postgresql | postgresql | 9.3.13 | Yes |
| Application | postgresql | postgresql | 9.4 | Yes |
| Application | postgresql | postgresql | 9.4.1 | Yes |
| Application | postgresql | postgresql | 9.4.2 | Yes |
| Application | postgresql | postgresql | 9.4.3 | Yes |
| Application | postgresql | postgresql | 9.4.4 | Yes |
| Application | postgresql | postgresql | 9.4.5 | Yes |
| Application | postgresql | postgresql | 9.4.6 | Yes |
| Application | postgresql | postgresql | 9.4.7 | Yes |
| Application | postgresql | postgresql | 9.4.8 | Yes |
| Application | postgresql | postgresql | 9.5 | Yes |
| Application | postgresql | postgresql | 9.5.1 | Yes |
| Application | postgresql | postgresql | 9.5.2 | Yes |
| Application | postgresql | postgresql | 9.5.3 | Yes |