PostgreSQL CVE-2016-5423 NULL Pointer Dereference Remote Code Execution Vulnerability

PostgreSQL is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code or crash the affected application, resulting in denial-of-service conditions.

Information

Bugtraq ID: 92433
Class: Design Error
CVE: CVE-2016-5423

Remote: Yes
Local: No
Published: Aug 11 2016 12:00AM
Updated: Apr 17 2017 05:07PM
Credit: The vendor reported this issue.
Vulnerable: SuSE Linux Enterprise Software Development Kit 12 SP1
SuSE Linux Enterprise Software Development Kit 11 SP4
SuSE Linux Enterprise Server for SAP 12
SuSE Linux Enterprise Server 12-LTSS
SuSE Linux Enterprise Server 12 SP1
SuSE Linux Enterprise Server 11 SP4
SuSE Linux Enterprise Desktop 12 SP1
SuSE Linux Enterprise Debuginfo 11 SP4
S.u.S.E. openSUSE 13.2
Redhat Software Collections 1 for RHEL 7 0
Redhat Software Collections 1 for RHEL 6 0
PostgreSQL PostgreSQL 9.5.1
PostgreSQL PostgreSQL 9.5
PostgreSQL PostgreSQL 9.4.6
PostgreSQL PostgreSQL 9.4.5
PostgreSQL PostgreSQL 9.4.4
PostgreSQL PostgreSQL 9.4.3
PostgreSQL PostgreSQL 9.4.2
PostgreSQL PostgreSQL 9.4.1
PostgreSQL PostgreSQL 9.3.11
PostgreSQL PostgreSQL 9.3.10
PostgreSQL PostgreSQL 9.3.9
PostgreSQL PostgreSQL 9.3.8
PostgreSQL PostgreSQL 9.3.7
PostgreSQL PostgreSQL 9.3.6
PostgreSQL PostgreSQL 9.3.5
PostgreSQL PostgreSQL 9.3.4
PostgreSQL PostgreSQL 9.3.3
PostgreSQL PostgreSQL 9.3.2
PostgreSQL PostgreSQL 9.2.15
PostgreSQL PostgreSQL 9.2.14
PostgreSQL PostgreSQL 9.2.13
PostgreSQL PostgreSQL 9.2.12
PostgreSQL PostgreSQL 9.2.11
PostgreSQL PostgreSQL 9.2.10
PostgreSQL PostgreSQL 9.2.8
PostgreSQL PostgreSQL 9.2.7
PostgreSQL PostgreSQL 9.2.6
PostgreSQL PostgreSQL 9.2.5
PostgreSQL PostgreSQL 9.2.3
PostgreSQL PostgreSQL 9.1.20
PostgreSQL PostgreSQL 9.1.19
PostgreSQL PostgreSQL 9.1.18
PostgreSQL PostgreSQL 9.1.17
PostgreSQL PostgreSQL 9.1.16
PostgreSQL PostgreSQL 9.1.15
PostgreSQL PostgreSQL 9.1.14
PostgreSQL PostgreSQL 9.1.13
PostgreSQL PostgreSQL 9.1.12
PostgreSQL PostgreSQL 9.1.11
PostgreSQL PostgreSQL 9.1.8
PostgreSQL PostgreSQL 9.1.3
PostgreSQL PostgreSQL 9.5.2
PostgreSQL PostgreSQL 9.3.1
PostgreSQL PostgreSQL 9.2.4
PostgreSQL PostgreSQL 9.2.2
PostgreSQL PostgreSQL 9.2.1
PostgreSQL PostgreSQL 9.1.9
PostgreSQL PostgreSQL 9.1.7
PostgreSQL PostgreSQL 9.1.6
PostgreSQL PostgreSQL 9.1.5
PostgreSQL PostgreSQL 9.1.4
PostgreSQL PostgreSQL 9.1.2
PostgreSQL PostgreSQL 9.1.10
PostgreSQL PostgreSQL 9.1.1
openSUSE Leap 42.2
openSUSE Leap 42.1
Gentoo Linux

Not Vulnerable: PostgreSQL PostgreSQL 9.5.4
PostgreSQL PostgreSQL 9.4.9
PostgreSQL PostgreSQL 9.3.14
PostgreSQL PostgreSQL 9.2.18
PostgreSQL PostgreSQL 9.1.23

References:

• 2016-08-11 Security Update Release (postgresql.org)
  
• PostgreSQL Homepage (PostgreSQL)
  
• Bug 1364001 - (CVE-2016-5423) CVE-2016-5423 postgresql: CASE/WHEN with inlining (Bugzilla)
  
• RHSA-2016:1781: rh-postgresql94-postgresql security update (Redhat)
  

Source: www.securityfocus.com