CVE-2016-5423

postgresql: CASE/WHEN with inlining can cause untrusted pointer dereference

Severity Score

8.3

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain sensitive memory information, or possibly execute arbitrary code via (1) a CASE expression within the test value subexpression of another CASE or (2) inlining of an SQL function that implements the equality operator used for a CASE expression involving values of different types.

PostgreSQL en versiones anteriores a 9.1.23, 9.2.x en versiones anteriores a 9.2.18, 9.3.x en versiones anteriores a 9.3.14, 9.4.x en versiones anteriores a 9.4.9 y 9.5.x en versiones anteriores a 9.5.4 permiten a usuarios remotos autenticados provocar una denegación de servicio (referencia a puntero NULL y caída del servidor), obtener información de memoria sensible, o posiblemente ejecutar código arbitrario a través de (1) una expresión CASE dentro de la subexpresión de valor de prueba de otro CASE o (2) el inicio de una función SQL que implementa el operador de igualdad utilizado para una expresión CASE que implica valores de diferentes tipos.

A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2016-06-10 CVE Reserved
2016-08-12 CVE Published
2024-03-11 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-476: NULL Pointer Dereference
CWE-822: Untrusted Pointer Dereference

CAPEC

References (17)

URL	Tag	Source
http://www.securityfocus.com/bid/92433	Third Party Advisory
http://www.securitytracker.com/id/1036617	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://www.postgresql.org/about/news/1688	2018-01-05

URL	Date	SRC
http://rhn.redhat.com/errata/RHSA-2016-1781.html	2018-01-05
http://rhn.redhat.com/errata/RHSA-2016-1820.html	2018-01-05
http://rhn.redhat.com/errata/RHSA-2016-1821.html	2018-01-05
http://rhn.redhat.com/errata/RHSA-2016-2606.html	2018-01-05
http://www.debian.org/security/2016/dsa-3646	2018-01-05
https://access.redhat.com/errata/RHSA-2017:2425	2018-01-05
https://bugzilla.redhat.com/show_bug.cgi?id=1364001	2017-08-07
https://security.gentoo.org/glsa/201701-33	2018-01-05
https://www.postgresql.org/docs/current/static/release-9-1-23.html	2018-01-05
https://www.postgresql.org/docs/current/static/release-9-2-18.html	2018-01-05
https://www.postgresql.org/docs/current/static/release-9-3-14.html	2018-01-05
https://www.postgresql.org/docs/current/static/release-9-4-9.html	2018-01-05
https://www.postgresql.org/docs/current/static/release-9-5-4.html	2018-01-05
https://access.redhat.com/security/cve/CVE-2016-5423	2017-08-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				<= 9.1.22 Search vendor "Postgresql" for product "Postgresql" and version " <= 9.1.22"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.2 Search vendor "Postgresql" for product "Postgresql" and version "9.2"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.2.1 Search vendor "Postgresql" for product "Postgresql" and version "9.2.1"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.2.2 Search vendor "Postgresql" for product "Postgresql" and version "9.2.2"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.2.3 Search vendor "Postgresql" for product "Postgresql" and version "9.2.3"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.2.4 Search vendor "Postgresql" for product "Postgresql" and version "9.2.4"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.2.5 Search vendor "Postgresql" for product "Postgresql" and version "9.2.5"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.2.6 Search vendor "Postgresql" for product "Postgresql" and version "9.2.6"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.2.7 Search vendor "Postgresql" for product "Postgresql" and version "9.2.7"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.2.8 Search vendor "Postgresql" for product "Postgresql" and version "9.2.8"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.2.9 Search vendor "Postgresql" for product "Postgresql" and version "9.2.9"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.2.10 Search vendor "Postgresql" for product "Postgresql" and version "9.2.10"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.2.11 Search vendor "Postgresql" for product "Postgresql" and version "9.2.11"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.2.12 Search vendor "Postgresql" for product "Postgresql" and version "9.2.12"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.2.13 Search vendor "Postgresql" for product "Postgresql" and version "9.2.13"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.2.14 Search vendor "Postgresql" for product "Postgresql" and version "9.2.14"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.2.15 Search vendor "Postgresql" for product "Postgresql" and version "9.2.15"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.2.16 Search vendor "Postgresql" for product "Postgresql" and version "9.2.16"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.2.17 Search vendor "Postgresql" for product "Postgresql" and version "9.2.17"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.3 Search vendor "Postgresql" for product "Postgresql" and version "9.3"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.3.1 Search vendor "Postgresql" for product "Postgresql" and version "9.3.1"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.3.2 Search vendor "Postgresql" for product "Postgresql" and version "9.3.2"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.3.3 Search vendor "Postgresql" for product "Postgresql" and version "9.3.3"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.3.4 Search vendor "Postgresql" for product "Postgresql" and version "9.3.4"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.3.5 Search vendor "Postgresql" for product "Postgresql" and version "9.3.5"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.3.6 Search vendor "Postgresql" for product "Postgresql" and version "9.3.6"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.3.7 Search vendor "Postgresql" for product "Postgresql" and version "9.3.7"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.3.8 Search vendor "Postgresql" for product "Postgresql" and version "9.3.8"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.3.9 Search vendor "Postgresql" for product "Postgresql" and version "9.3.9"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.3.10 Search vendor "Postgresql" for product "Postgresql" and version "9.3.10"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.3.11 Search vendor "Postgresql" for product "Postgresql" and version "9.3.11"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.3.12 Search vendor "Postgresql" for product "Postgresql" and version "9.3.12"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.3.13 Search vendor "Postgresql" for product "Postgresql" and version "9.3.13"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.4 Search vendor "Postgresql" for product "Postgresql" and version "9.4"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.4.1 Search vendor "Postgresql" for product "Postgresql" and version "9.4.1"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.4.2 Search vendor "Postgresql" for product "Postgresql" and version "9.4.2"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.4.3 Search vendor "Postgresql" for product "Postgresql" and version "9.4.3"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.4.4 Search vendor "Postgresql" for product "Postgresql" and version "9.4.4"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.4.5 Search vendor "Postgresql" for product "Postgresql" and version "9.4.5"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.4.6 Search vendor "Postgresql" for product "Postgresql" and version "9.4.6"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.4.7 Search vendor "Postgresql" for product "Postgresql" and version "9.4.7"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.4.8 Search vendor "Postgresql" for product "Postgresql" and version "9.4.8"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.5 Search vendor "Postgresql" for product "Postgresql" and version "9.5"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.5.1 Search vendor "Postgresql" for product "Postgresql" and version "9.5.1"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.5.2 Search vendor "Postgresql" for product "Postgresql" and version "9.5.2"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.5.3 Search vendor "Postgresql" for product "Postgresql" and version "9.5.3"		-		Affected