CVE-2016-5423
Publication date 11 August 2016
Last updated 25 August 2025
Ubuntu priority
Description
PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain sensitive memory information, or possibly execute arbitrary code via (1) a CASE expression within the test value subexpression of another CASE or (2) inlining of an SQL function that implements the equality operator used for a CASE expression involving values of different types.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| postgresql-9.5 | ||
| 16.04 LTS xenial |
Fixed 9.5.4-0ubuntu0.16.04
|
|
| 14.04 LTS trusty | Not in release | |
| postgresql-8.4 | ||
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| postgresql-9.1 | ||
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty |
Fixed 9.1.23-0ubuntu0.14.04
|
|
| postgresql-9.3 | ||
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty |
Fixed 9.3.14-0ubuntu0.14.04
|
|
Patch details
| Package | Patch details |
|---|---|
| postgresql-9.5 |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
8.3 · High
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-3066-1
- PostgreSQL vulnerabilities
- 18 August 2016