vulnerability
Oracle Linux: CVE-2025-1094: ELSA-2025-1736: postgresql:13 security update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:H/Au:N/C:C/I:C/A:C) | 02/13/2025 | 02/25/2025 | 03/24/2025 |
Severity
8
CVSS
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
Published
02/13/2025
Added
02/25/2025
Modified
03/24/2025
Description
A flaw was found in PostgreSQL. Due to improper neutralization of quoting syntax, affected versions potentially allow a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the affected function's result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when `client_encoding` is `BIG5` and `server_encoding` is one of `EUC_TW` or `MULE_INTERNAL`.
Solution(s)
oracle-linux-upgrade-libpqoracle-linux-upgrade-libpq-develoracle-linux-upgrade-pgauditoracle-linux-upgrade-pg-repackoracle-linux-upgrade-pgvectororacle-linux-upgrade-postgres-decoderbufsoracle-linux-upgrade-postgresqloracle-linux-upgrade-postgresql-contriboracle-linux-upgrade-postgresql-docsoracle-linux-upgrade-postgresql-plperloracle-linux-upgrade-postgresql-plpython3oracle-linux-upgrade-postgresql-pltcloracle-linux-upgrade-postgresql-private-develoracle-linux-upgrade-postgresql-private-libsoracle-linux-upgrade-postgresql-serveroracle-linux-upgrade-postgresql-server-develoracle-linux-upgrade-postgresql-staticoracle-linux-upgrade-postgresql-testoracle-linux-upgrade-postgresql-test-rpm-macrosoracle-linux-upgrade-postgresql-upgradeoracle-linux-upgrade-postgresql-upgrade-devel
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.