What is CVE-2013-1899?

CVE-2013-1899 is a vulnerability in Postgresql, classified under Code Injection. Published 2013-04-04.

Is CVE-2013-1899 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Postgresql

CVE-2013-1899

Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configur…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.811 (99.2th percentile) — read the EPSS interpretation.

Affected products

Postgresql — versions 9.2, 9.2.1, 9.2.2
Canonical Ubuntu_linux — versions 8.04, 10.04, 11.10
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

Public proof-of-concept exploits

References

secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
openSUSE-SU-2013:0628 (vendor-advisory, x_refsource_SUSE)
openSUSE-SU-2013:0635 (vendor-advisory, x_refsource_SUSE)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
MDVSA-2013:142 (vendor-advisory, x_refsource_MANDRIVA)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM)
USN-1789-1 (x_refsource_UBUNTU, vendor-advisory)
APPLE-SA-2013-09-12-1 (vendor-advisory, x_refsource_APPLE)

Frequently asked questions

What is CVE-2013-1899?: CVE-2013-1899 is a vulnerability in Postgresql, classified under Code Injection. Published 2013-04-04.
Is CVE-2013-1899 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.