PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain sensitive memory information, or possibly execute arbitrary code via (1) a CASE expression within the test value subexpression of another CASE or (2) inlining of an SQL function that implements the equality operator used for a CASE expression involving values of different types.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Information
Published : 2016-12-09 15:59
Updated : 2018-01-04 18:31
NVD link : CVE-2016-5423
Mitre link : CVE-2016-5423
JSON object : View
CWE
CWE-476
NULL Pointer Dereference
Products Affected
debian
- debian_linux
postgresql
- postgresql