CVE-2009-2940

Sažetak

The pygresql module 3.8.1 and 4.0 for Python does not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.

Reference

http://secunia.com/advisories/37046
http://secunia.com/advisories/37654
http://ubuntu.com/usn/usn-870-1
http://www.debian.org/security/2009/dsa-1911
http://www.osvdb.org/59028

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

19-12-2009 - 06:57

Objavljeno

22-10-2009 - 16:30