Untrusted Pointer Dereference Affecting postgresql-docs package, versions <0:9.2.18-1.el7
- Snyk ID SNYK-RHEL7-POSTGRESQLDOCS-1456973
- published 26 Jul 2021
- disclosed 11 Aug 2016
Introduced: 11 Aug 2016
CVE-2016-5423
How to fix?
Upgrade RHEL:7 postgresql-docs to version 0:9.2.18-1.el7 or higher.
This issue was patched in RHSA-2016:2606.
NVD Description
Note: Versions mentioned in the description apply only to the upstream postgresql-docs package and not the postgresql-docs package as distributed by RHEL.
See How to fix? for RHEL:7 relevant fixed versions and status.
PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain sensitive memory information, or possibly execute arbitrary code via (1) a CASE expression within the test value subexpression of another CASE or (2) inlining of an SQL function that implements the equality operator used for a CASE expression involving values of different types.
References
- http://www.securityfocus.com/bid/92433
- https://bugzilla.redhat.com/show_bug.cgi?id=1364001
- https://www.postgresql.org/about/news/1688/
- https://www.postgresql.org/docs/current/static/release-9-1-23.html
- https://www.postgresql.org/docs/current/static/release-9-2-18.html
- https://www.postgresql.org/docs/current/static/release-9-3-14.html
- https://www.postgresql.org/docs/current/static/release-9-4-9.html
- https://www.postgresql.org/docs/current/static/release-9-5-4.html
- https://access.redhat.com/security/cve/CVE-2016-5423
- http://www.debian.org/security/2016/dsa-3646
- https://security.gentoo.org/glsa/201701-33
- http://rhn.redhat.com/errata/RHSA-2016-1781.html
- http://rhn.redhat.com/errata/RHSA-2016-1820.html
- http://rhn.redhat.com/errata/RHSA-2016-1821.html
- http://rhn.redhat.com/errata/RHSA-2016-2606.html
- https://access.redhat.com/errata/RHSA-2016:2606
- http://www.securitytracker.com/id/1036617