CVE-2017-7546
Published: 10 August 2017
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password.
Priority
CVSS 3 base score: 9.8
Status
Package | Release | Status |
---|---|---|
postgresql-10 Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
bionic |
Not vulnerable
(10.1-1)
|
|
cosmic |
Not vulnerable
(10.1-1)
|
|
disco |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
zesty |
Does not exist
|
|
postgresql-9.1 Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
bionic |
Does not exist
|
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
precise |
Ignored
|
|
trusty |
Does not exist
(trusty was needs-triage)
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
zesty |
Does not exist
|
|
postgresql-9.3 Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
bionic |
Does not exist
|
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Released
(9.3.18-0ubuntu0.14.04.1)
|
|
upstream |
Released
(9.3.18)
|
|
xenial |
Does not exist
|
|
zesty |
Does not exist
|
|
postgresql-9.5 Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
bionic |
Does not exist
|
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(9.5.8)
|
|
xenial |
Released
(9.5.8-0ubuntu0.16.04.1)
|
|
zesty |
Does not exist
|
|
postgresql-9.6 Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
(9.6.4-1)
|
bionic |
Does not exist
|
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(9.6.4-1)
|
|
xenial |
Does not exist
|
|
zesty |
Released
(9.6.4-0ubuntu0.17.04.1)
|