vulnerability
FreeBSD: PostgreSQL -- Denial-of-Service and Code Injection Vulnerabilities (Multiple CVEs)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:L/Au:S/C:P/I:P/A:P) | Aug 11, 2016 | Aug 12, 2016 | Feb 18, 2025 |
Severity
4
CVSS
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
Published
Aug 11, 2016
Added
Aug 12, 2016
Modified
Feb 18, 2025
Description
PostgreSQL project reports:
Security Fixes nested CASE expressions +
database and role names with embedded special characters
CVE-2016-5423: certain nested CASE expressions can cause the
server to crash.
CVE-2016-5424: database and role names with embedded special
characters can allow code injection during administrative operations
like pg_dumpall.
Solutions
freebsd-upgrade-package-postgresql91-serverfreebsd-upgrade-package-postgresql92-serverfreebsd-upgrade-package-postgresql93-serverfreebsd-upgrade-package-postgresql94-serverfreebsd-upgrade-package-postgresql95-server
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.