Your submission was sent successfully! Close

CVE-2013-1899

Published: 04 April 2013

Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a "-" (hyphen).

Priority

High

Status

Package Release Status
postgresql-8.2
Launchpad, Ubuntu, Debian
Upstream Needs triage

postgresql-8.3
Launchpad, Ubuntu, Debian
Upstream Needs triage

postgresql-8.4
Launchpad, Ubuntu, Debian
Upstream
Released (8.4.17)
postgresql-9.1
Launchpad, Ubuntu, Debian
Upstream
Released (9.1.9)