CVE-2017-7546

Published: August 31, 2023Last modified: August 31, 2023

Description

PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password.

Severity score breakdown

Status

References

• http://www.debian.org/security/2017/dsa-3935
• http://www.debian.org/security/2017/dsa-3936
• http://www.securityfocus.com/bid/100278
• http://www.securitytracker.com/id/1039142
• https://access.redhat.com/errata/RHSA-2017:2677
• https://access.redhat.com/errata/RHSA-2017:2678
• https://access.redhat.com/errata/RHSA-2017:2728
• https://access.redhat.com/errata/RHSA-2017:2860
• https://security.gentoo.org/glsa/201710-06
• https://www.postgresql.org/about/news/1772/