vulnerability
SUSE: CVE-2016-5424: SUSE Linux Security Advisory
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:H/Au:S/C:P/I:P/A:P) | Sep 29, 2016 | Oct 12, 2016 | Jun 20, 2021 |
Severity
5
CVSS
(AV:N/AC:H/Au:S/C:P/I:P/A:P)
Published
Sep 29, 2016
Added
Oct 12, 2016
Modified
Jun 20, 2021
Description
PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation.
Solutions
suse-upgrade-libecpg6suse-upgrade-libpq5suse-upgrade-libpq5-32bitsuse-upgrade-postgresql93suse-upgrade-postgresql93-contribsuse-upgrade-postgresql93-docssuse-upgrade-postgresql93-serversuse-upgrade-postgresql94suse-upgrade-postgresql94-contribsuse-upgrade-postgresql94-develsuse-upgrade-postgresql94-docssuse-upgrade-postgresql94-server
References
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.