CVE-2009-2943
Severity Score
7.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The postgresql-ocaml bindings 1.5.4, 1.7.0, and 1.12.1 for PostgreSQL libpq do not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.
Los vínculos Postgresql-ocaml v1.5.4, v1.7.0, y v1.12.1 para la librería libpq para PostgreSQL no soporta de forma adecuada la función PQescapeStringConn, lo que podría permitir a atacantes remotos aprovechas cuestiones de escape incluidas en las codificaciones de carácter multibyte.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2009-08-23 CVE Reserved
- 2009-10-15 CVE Published
- 2024-09-17 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.osvdb.org/59029 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.debian.org/security/2009/dsa-1909 | 2009-10-23 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/37048 | 2009-10-23 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ocaml Search vendor "Ocaml" | Postgresql-ocaml Search vendor "Ocaml" for product "Postgresql-ocaml" | 1.5.4 Search vendor "Ocaml" for product "Postgresql-ocaml" and version "1.5.4" | - |
Affected
| in | Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | * | - |
Safe
|
| Ocaml Search vendor "Ocaml" | Postgresql-ocaml Search vendor "Ocaml" for product "Postgresql-ocaml" | 1.7.0 Search vendor "Ocaml" for product "Postgresql-ocaml" and version "1.7.0" | - |
Affected
| in | Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | * | - |
Safe
|
| Ocaml Search vendor "Ocaml" | Postgresql-ocaml Search vendor "Ocaml" for product "Postgresql-ocaml" | 1.12.1 Search vendor "Ocaml" for product "Postgresql-ocaml" and version "1.12.1" | - |
Affected
| in | Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | * | - |
Safe
|