Kaspersky ID:
KLA11300
検出日:
08/09/2018
更新日:
06/17/2026

説明

Multiple serious vulnerabilities were found in PostgreSQL. Malicious users can exploit these vulnerabilities to bypass security restrictions and obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. An unspecified vulnerability in libpq can be exploited remotely to bypass security restrictions;
  2. An unspecified vulnerability can be exploited remotely to obtain sensitive information.

Technical details

Attacker with “CREATE TABLE” privileges can exploit this to read arbitrary bytes server memory. If the attacker also have “INSERT” and “UPDATE” privileges to a particular table, the can exploit this to update other columns in this table

オリジナルアドバイザリー

エクスプロイテーション

Public exploits exist for this vulnerability.

関連製品

CVEリスト

  • CVE-2018-10915
    critical
  • CVE-2018-10925
    critical

も参照してください

お住まいの地域に広がる脆弱性の統計をご覧ください statistics.securelist.com

この脆弱性についての記述に不正確な点がありますか? お知らせください!
Kaspersky IT Security Calculator
も参照してください
新しいカスペルスキー
あなたのデジタルライフを守る
も参照してください
Do you want to save your changes?
Your message has been sent successfully.