Unrated severity · NVD Advisory · Published Oct 29, 2019 · Updated Aug 4, 2024
CVE-2019-10208
Description
A flaw was discovered in PostgreSQL versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker with EXECUTE permission on the function can execute arbitrary SQL as the owner of the function.
Affected products
49 entries
- (no CPE) range: >=9.4, <9.4.24; >=9.5, <9.5.19; >=9.6, <9.6.15; >=10, <10.10; >=11, <11.5
- (no CPE) range: all 11.x before 11.5
- osv-coords: 47 versions, range: < 10.10-lp151.2.6.1 + 46 more
References (3)
- lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html (mitre, vendor-advisory, x_refsource_SUSE)
- bugzilla.redhat.com/show_bug.cgi (mitre, x_refsource_CONFIRM)
- www.postgresql.org/about/news/1960/ (mitre, x_refsource_MISC)