PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation.
2016-12-09T23:59:02.050
2025-04-12T10:46:40.837
Deferred
CVSSv3.0: 7.1 (HIGH)
AV:N/AC:H/Au:S/C:P/I:P/A:P
3.9
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | debian | debian_linux | 8.0 | Yes |
| Application | postgresql | postgresql | ≤ 9.1.22 | Yes |
| Application | postgresql | postgresql | 9.2 | Yes |
| Application | postgresql | postgresql | 9.2.1 | Yes |
| Application | postgresql | postgresql | 9.2.2 | Yes |
| Application | postgresql | postgresql | 9.2.3 | Yes |
| Application | postgresql | postgresql | 9.2.4 | Yes |
| Application | postgresql | postgresql | 9.2.5 | Yes |
| Application | postgresql | postgresql | 9.2.6 | Yes |
| Application | postgresql | postgresql | 9.2.7 | Yes |
| Application | postgresql | postgresql | 9.2.8 | Yes |
| Application | postgresql | postgresql | 9.2.9 | Yes |
| Application | postgresql | postgresql | 9.2.10 | Yes |
| Application | postgresql | postgresql | 9.2.11 | Yes |
| Application | postgresql | postgresql | 9.2.12 | Yes |
| Application | postgresql | postgresql | 9.2.13 | Yes |
| Application | postgresql | postgresql | 9.2.14 | Yes |
| Application | postgresql | postgresql | 9.2.15 | Yes |
| Application | postgresql | postgresql | 9.2.16 | Yes |
| Application | postgresql | postgresql | 9.2.17 | Yes |
| Application | postgresql | postgresql | 9.3 | Yes |
| Application | postgresql | postgresql | 9.3.1 | Yes |
| Application | postgresql | postgresql | 9.3.2 | Yes |
| Application | postgresql | postgresql | 9.3.3 | Yes |
| Application | postgresql | postgresql | 9.3.4 | Yes |
| Application | postgresql | postgresql | 9.3.5 | Yes |
| Application | postgresql | postgresql | 9.3.6 | Yes |
| Application | postgresql | postgresql | 9.3.7 | Yes |
| Application | postgresql | postgresql | 9.3.8 | Yes |
| Application | postgresql | postgresql | 9.3.9 | Yes |
| Application | postgresql | postgresql | 9.3.10 | Yes |
| Application | postgresql | postgresql | 9.3.11 | Yes |
| Application | postgresql | postgresql | 9.3.12 | Yes |
| Application | postgresql | postgresql | 9.3.13 | Yes |
| Application | postgresql | postgresql | 9.4 | Yes |
| Application | postgresql | postgresql | 9.4.1 | Yes |
| Application | postgresql | postgresql | 9.4.2 | Yes |
| Application | postgresql | postgresql | 9.4.3 | Yes |
| Application | postgresql | postgresql | 9.4.4 | Yes |
| Application | postgresql | postgresql | 9.4.5 | Yes |
| Application | postgresql | postgresql | 9.4.6 | Yes |
| Application | postgresql | postgresql | 9.4.7 | Yes |
| Application | postgresql | postgresql | 9.4.8 | Yes |
| Application | postgresql | postgresql | 9.5 | Yes |
| Application | postgresql | postgresql | 9.5.1 | Yes |
| Application | postgresql | postgresql | 9.5.2 | Yes |
| Application | postgresql | postgresql | 9.5.3 | Yes |