VDB
GCVE-110-MAGEIA-2016-289
GCVE-110-MAGEIA-2016-289
Advisory Published
It was discovered that certain SQL statements containing CASE/WHEN
commands could crash the PostgreSQL server, or disclose a few bytes of
server memory, potentially leading to arbitrary code execution
(CVE-2016-5423).
It was found that PostgreSQL client programs mishandle database and role
names containing newlines, carriage returns, double quotes, or
backslashes. By crafting such an object name, roles with the CREATEDB or
CREATEROLE option could escalate their privileges to root when a root user
next executes maintenance with a vulnerable program. Vulnerable programs
include pg_dumpall, pg_upgrade, vacuumdb, reindexdb, and clusterdb
(CVE-2016-5424).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | postgresql9.3 | 0 (affected), 9.3.14-1.mga5 (unaffected) | — |
| Mageia | postgresql9.4 | 0 (affected), 9.4.9-1.mga5 (unaffected) | — |
References
Browse GCVE Records
72,148 records in the GCVE database · Updated July 14, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.