CVE-2017-7546
CRITICAL9.8EPSS 33.1%postgresql-9.6 - security update
Published: 8/10/2017Modified: 3/9/2026
Description
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password.
Affected packages (5)
- Alpine/postgresqlfrom 0, < 9.6.4-r0
- Alpine/postgresql14from 0, < 9.6.4-r0
- Alpine/postgresql15from 0, < 9.6.4-r0
- Debian/postgresql-9.4from 0, < 9.4.13-0+deb8u1
- Debian/postgresql-9.6from 0, < 9.6.4-0+deb9u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |