First published: Mon Jan 27 2020
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering a constraint violation and then reading the error message.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
PostgreSQL PostgreSQL | <9.0.19 | |
PostgreSQL PostgreSQL | >=9.1.0 <9.1.15 | |
PostgreSQL PostgreSQL | >=9.2.0 <9.2.10 | |
PostgreSQL PostgreSQL | >=9.3.0 <9.3.6 | |
PostgreSQL PostgreSQL | >=9.4.0 <9.4.1 | |
Debian Debian Linux | =7.0 | |
Debian Debian Linux | =8.0 | |
The vulnerability ID is CVE-2014-8161.
The severity of CVE-2014-8161 is medium.
CVE-2014-8161 allows remote authenticated users to obtain sensitive column values by triggering a constraint violation and then reading the error message in PostgreSQL versions before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1.
The affected software for CVE-2014-8161 includes PostgreSQL versions before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1.
To fix CVE-2014-8161, you should update your PostgreSQL installation to version 9.0.19, 9.1.15, 9.2.10, 9.3.6, or 9.4.1.
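One way to apply the ranges above across a fleet is to classify each server's reported version string. The sketch below is an added example, not part of the advisory; the names `parse_version` and `check` are hypothetical, the sample strings are constructed, and the fixed releases are taken from the text above.

```python
import re

# Fixed release per 9.x branch, as listed in the advisory text above.
FIXED = {(9, 0): 19, (9, 1): 15, (9, 2): 10, (9, 3): 6, (9, 4): 1}

# Matches "9.3.5", "9.4" (as in "9.4beta2") or "10.3" inside longer output.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Extract (major, minor, patch) from server_version or version() output.

    A missing third component (pre-releases such as 9.4beta2, or the
    two-part numbering used from PostgreSQL 10 on) is treated as patch 0.
    """
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no version number found in {text!r}")
    patch = int(m.group(3)) if m.group(3) else 0
    return int(m.group(1)), int(m.group(2)), patch


def check(text):
    """Return (affected, upgrade_to) for CVE-2014-8161.

    upgrade_to is the fixed release of the same branch, or None when the
    server is not affected or its branch has no fixed release listed.
    """
    major, minor, patch = parse_version(text)
    branch = (major, minor)
    if branch > (9, 4):
        return False, None   # newer than every range in the advisory
    if branch < (9, 0):
        return True, None    # "before 9.0.19", no fix listed for the branch
    fixed = FIXED[branch]
    if patch < fixed:
        return True, f"{major}.{minor}.{fixed}"
    return False, None


if __name__ == "__main__":
    # Constructed sample inputs, in the shape psql reports them.
    samples = [
        "PostgreSQL 9.3.5 on x86_64-pc-linux-gnu, compiled by gcc, 64-bit",
        "9.4beta2",
        "9.0.19",
        "8.4.22",
        "10.3",
    ]
    for s in samples:
        print(f"{s!r:70} -> {check(s)}")
```

Feed it the output of `SHOW server_version;` or `SELECT version();` collected from each instance.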