High severity · 8.5 · NVD Advisory · Published Aug 9, 2018 · Updated Jun 17, 2026
CVE-2018-10915
Description
A vulnerability was found in libpq, the default PostgreSQL client library, where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction. PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 are affected.
Affected products (42)
- Range: <10.5
- osv-coords: 40 versions
- (no CPE) range: < 10.13-lp151.2.14.1
- (no CPE) range: < 10.18-1.3
- (no CPE) range: < 12.3-lp151.2.1
- (no CPE) range: < 9.6.19-lp151.3.3.1
- (no CPE) range: < 12.0.1-lp151.6.9.1
- (no CPE) range: < 10.5-4.5.1
- (no CPE) range: < 10.5-4.5.1
- (no CPE) range: < 9.4.19-21.22.7
- (no CPE) range: < 9.4.19-0.23.19.1
- (no CPE) range: < 9.4.19-21.22.7
- (no CPE) range: < 9.4.19-21.22.7
- (no CPE) range: < 9.4.19-21.22.7
- (no CPE) range: < 9.4.19-0.23.19.1
- (no CPE) range: < 9.4.19-21.22.7
- (no CPE) range: < 9.4.19-21.22.7
- (no CPE) range: < 9.4.19-21.22.7
- (no CPE) range: < 9.4.19-0.23.19.1
- (no CPE) range: < 9.4.19-0.23.19.1
- (no CPE) range: < 9.4.19-0.23.19.1
- (no CPE) range: < 9.6.10-3.22.7
- (no CPE) range: < 9.6.10-3.22.7
- (no CPE) range: < 9.6.10-3.22.7
- (no CPE) range: < 9.6.10-3.22.7
- (no CPE) range: < 9.6.10-3.22.7
- (no CPE) range: < 9.6.10-3.22.7
- (no CPE) range: < 9.6.10-3.22.7
- (no CPE) range: < 9.6.10-3.22.7
- (no CPE) range: < 9.6.10-3.22.7
- (no CPE) range: < 9.6.10-3.22.7
- (no CPE) range: < 9.6.10-3.22.1
- (no CPE) range: < 9.6.10-3.22.1
- (no CPE) range: < 9.6.10-3.22.1
- (no CPE) range: < 9.6.10-3.22.1
- (no CPE) range: < 9.6.10-3.22.1
- (no CPE) range: < 9.6.10-3.22.1
- (no CPE) range: < 9.6.10-3.22.1
- (no CPE) range: < 9.6.10-3.22.1
- (no CPE) range: < 9.6.10-3.22.1
- (no CPE) range: < 9.6.10-3.22.1
- (no CPE) range: < 9.6.10-3.22.1
- Range: 10.5
References (17)
- bugzilla.redhat.com/show_bug.cgi (nvd: Issue Tracking, Patch, Third Party Advisory)
- www.securityfocus.com/bid/105054 (nvd: Third Party Advisory, VDB Entry)
- www.securitytracker.com/id/1041446 (nvd: Third Party Advisory, VDB Entry)
- access.redhat.com/errata/RHSA-2018:2511 (nvd: Third Party Advisory)
- access.redhat.com/errata/RHSA-2018:2557 (nvd: Third Party Advisory)
- access.redhat.com/errata/RHSA-2018:2565 (nvd: Third Party Advisory)
- access.redhat.com/errata/RHSA-2018:2566 (nvd: Third Party Advisory)
- access.redhat.com/errata/RHSA-2018:2643 (nvd: Third Party Advisory)
- access.redhat.com/errata/RHSA-2018:2721 (nvd: Third Party Advisory)
- access.redhat.com/errata/RHSA-2018:2729 (nvd: Third Party Advisory)
- lists.debian.org/debian-lts-announce/2018/08/msg00012.html (nvd: Third Party Advisory)
- usn.ubuntu.com/3744-1/ (nvd: Third Party Advisory)
- www.debian.org/security/2018/dsa-4269 (nvd: Third Party Advisory)
- www.postgresql.org/about/news/1878/ (nvd: Vendor Advisory)
- lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html (nvd)
- access.redhat.com/errata/RHSA-2018:3816 (nvd)
- security.gentoo.org/glsa/201810-08 (nvd)