CVE-2024-32655

Summary
Assigner: GitHub_M
Assigner Org ID: a0819718-46f1-4df5-94e2-005712e83aaa
Published At: 09 May, 2024 | 14:29
Updated At: 12 Dec, 2024 | 20:56

Npgsql Vulnerable to SQL Injection via Protocol Message Size Overflow

Npgsql is the .NET data provider for PostgreSQL. The `WriteBind()` method in `src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs` uses `int` variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This causes Npgsql to write a message size that is too small when constructing a Postgres protocol message to send it over the network to the database. When parsing the message, the database will only read a small number of bytes and treat any following bytes as new messages while they belong to the old message. Attackers can abuse this to inject arbitrary Postgres protocol messages into the connection, leading to the execution of arbitrary SQL statements on the application's behalf. This vulnerability is fixed in 4.0.14, 4.1.13, 5.0.18, 6.0.11, 7.0.7, and 8.0.3.
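
The length arithmetic described above, as an added C# example (not Npgsql's code): a simplified model of the Bind message length calculation, with the wrapping 32-bit sum beside a 64-bit check that rejects oversized messages. The class and method names and the parameter sizes are constructed for illustration; only lengths are computed, no buffers are allocated, and all parameters are assumed non-null.

```csharp
using System;
using System.Text;

static class BindLengthDemo
{
    // Fixed part of a Bind message body in the PostgreSQL wire protocol:
    // Int32 length field + portal name\0 + statement name\0
    // + Int16 format-code count + format codes
    // + Int16 parameter count
    // + Int16 result-format count + result format codes.
    static int FixedPart(string portal, string statement, int formatCodes, int resultFormatCodes) =>
        4 + Encoding.UTF8.GetByteCount(portal) + 1
          + Encoding.UTF8.GetByteCount(statement) + 1
          + 2 + 2 * formatCodes
          + 2
          + 2 + 2 * resultFormatCodes;

    // "Before": the running total is a 32-bit int, so it wraps silently
    // once the parameter lengths add up to more than int.MaxValue.
    public static int DeclaredLengthWrapping(int fixedPart, int[] paramLengths)
    {
        unchecked
        {
            var length = fixedPart;
            foreach (var p in paramLengths)
                length += 4 + p;   // 4-byte length prefix + parameter value
            return length;
        }
    }

    // Number of bytes that are really written for the message body.
    public static long ActualLength(int fixedPart, int[] paramLengths)
    {
        long length = fixedPart;
        foreach (var p in paramLengths)
            length += 4L + p;
        return length;
    }

    // "After": accumulate in 64 bits and refuse to build a message whose
    // size cannot be represented in the protocol's signed 32-bit length field.
    public static int DeclaredLengthChecked(int fixedPart, int[] paramLengths)
    {
        var actual = ActualLength(fixedPart, paramLengths);
        if (actual > int.MaxValue)
            throw new OverflowException(
                $"Bind message would be {actual} bytes; the length field is a signed 32-bit integer.");
        return (int)actual;
    }

    static void Main()
    {
        // Constructed input: unnamed portal and statement, four 1 GiB parameters.
        var fixedPart = FixedPart(portal: "", statement: "", formatCodes: 0, resultFormatCodes: 0);
        int[] paramLengths = { 1 << 30, 1 << 30, 1 << 30, 1 << 30 };

        var declared = DeclaredLengthWrapping(fixedPart, paramLengths);
        var actual = ActualLength(fixedPart, paramLengths);

        Console.WriteLine($"declared length (32-bit sum): {declared}");
        Console.WriteLine($"bytes actually written:       {actual}");
        // Everything past the declared length is parsed by the server as new messages.
        Console.WriteLine($"bytes outside declared frame: {actual - declared}");

        try
        {
            DeclaredLengthChecked(fixedPart, paramLengths);
        }
        catch (OverflowException e)
        {
            Console.WriteLine($"rejected: {e.Message}");
        }
    }
}
```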

Affected Products
Vendor: npgsql
Product: npgsql
Affected versions:
  • >= 4.0.0, < 4.0.14
  • >= 4.1.0, < 4.1.13
  • >= 5.0.0, < 5.0.18
  • >= 6.0.0, < 6.0.11
  • >= 7.0.0, < 7.0.7
  • >= 8.0.0, < 8.0.3
Problem Types
  • CWE-190: Integer Overflow or Wraparound
  • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Metrics
CVSS version: 3.1
Base score: 8.1
Base severity: HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
References
  • https://github.com/npgsql/npgsql/security/advisories/GHSA-x9vc-6hfv-hg8c (x_refsource_CONFIRM)
  • https://github.com/npgsql/npgsql/commit/091655eed0c84e502ab424950c930339d17c1928 (x_refsource_MISC)
  • https://github.com/npgsql/npgsql/commit/3183efb2bdcca159c8c2e22af57e18ea8f853cf0 (x_refsource_MISC)
  • https://github.com/npgsql/npgsql/commit/67acbe027e28477ac2199e15cfb554bb2ffaf169 (x_refsource_MISC)
  • https://github.com/npgsql/npgsql/commit/703d9af8fa48dfe8c0180e36edb8278f34342d7b (x_refsource_MISC)
  • https://github.com/npgsql/npgsql/commit/a22a42d8141d7a3528f43c02c095a409507cf1af (x_refsource_MISC)
  • https://github.com/npgsql/npgsql/commit/e34e2ba8042e666d9af54a1b255fba4d5b11df56 (x_refsource_MISC)
  • https://github.com/npgsql/npgsql/commit/f7e7ead0702d776a8f551f5786c4cac2d65c4bc6 (x_refsource_MISC)
  • https://github.com/npgsql/npgsql/releases/tag/v4.0.14 (x_refsource_MISC)
  • https://github.com/npgsql/npgsql/releases/tag/v4.1.13 (x_refsource_MISC)
  • https://github.com/npgsql/npgsql/releases/tag/v5.0.18 (x_refsource_MISC)
  • https://github.com/npgsql/npgsql/releases/tag/v6.0.11 (x_refsource_MISC)
  • https://github.com/npgsql/npgsql/releases/tag/v7.0.7 (x_refsource_MISC)
  • https://github.com/npgsql/npgsql/releases/tag/v8.0.3 (x_refsource_MISC)
  • https://www.youtube.com/watch?v=Tfg1B8u1yvE (x_refsource_MISC)
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
npgsql
Product
npgsql
CPEs
  • cpe:2.3:a:npgsql:npgsql:4.0.0:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 4.0.0 before 4.0.14 (custom)
Vendor
npgsql
Product
npgsql
CPEs
  • cpe:2.3:a:npgsql:npgsql:4.1.0:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 4.1.0 before 4.1.13 (custom)
Vendor
npgsql
Product
npgsql
CPEs
  • cpe:2.3:a:npgsql:npgsql:5.0.0:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 5.0.0 before 5.0.18 (custom)
Vendor
npgsql
Product
npgsql
CPEs
  • cpe:2.3:a:npgsql:npgsql:6.0.0:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 6.0.0 before 6.0.11 (custom)
Vendor
npgsql
Product
npgsql
CPEs
  • cpe:2.3:a:npgsql:npgsql:7.0.0:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 7.0.0 before 8.0.3 (custom)
Vendor
npgsql
Product
npgsql
CPEs
  • cpe:2.3:a:npgsql:npgsql:8.0.0:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 8.0.0 before 8.0.3 (custom)
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source: security-advisories@github.com
Published At: 14 May, 2024 | 15:36
Updated At: 12 Dec, 2024 | 21:15

Metrics
Type: Secondary
CVSS version: 3.1
Base score: 8.1
Base severity: HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Weaknesses
  • CWE-89 (Type: Secondary, Source: security-advisories@github.com)
  • CWE-190 (Type: Secondary, Source: security-advisories@github.com)

Similar CVEs

59 Records found

CVE-2021-44593
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1 (HIGH)
EPSS-5.37% / 89.71%
7 Day CHG~0.00%
Published-21 Jan, 2022 | 18:08
Updated-04 Aug, 2024 | 04:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Simple College Website 1.0 is vulnerable to unauthenticated file upload & remote code execution via UNION-based SQL injection in the username parameter on /admin/login.php.

Action-Not Available
Vendor-simple_college_website_projectn/a
Product-simple_college_websiten/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-43766
Matching Score-4
Assigner-Fedora Project
CVSS Score-8.1 (HIGH)
EPSS-0.19% / 41.55%
7 Day CHG+0.11%
Published-25 Aug, 2022 | 17:27
Updated-04 Aug, 2024 | 04:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Odyssey passes to server unencrypted bytes from man-in-the-middle When Odyssey is configured to use certificate Common Name for client authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. This is similar to CVE-2021-23214 for PostgreSQL.

Action-Not Available
Vendor-odyssey_projectn/a
Product-odysseyOdyssey
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-18614
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1 (HIGH)
EPSS-0.75% / 72.13%
7 Day CHG~0.00%
Published-13 Sep, 2019 | 11:44
Updated-05 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The kama-clic-counter plugin 3.4.9 for WordPress has SQL injection via the admin.php order parameter.

Action-Not Available
Vendor-wp-kaman/a
Product-kama_click_countern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2017-17919
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1 (HIGH)
EPSS-0.48% / 64.32%
7 Day CHG~0.00%
Published-29 Dec, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id desc' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input

Action-Not Available
Vendor-n/aRuby on Rails
Product-ruby_on_railsn/aruby_on_rails
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2017-17917
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1 (HIGH)
EPSS-1.78% / 81.94%
7 Day CHG~0.00%
Published-29 Dec, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input

Action-Not Available
Vendor-n/aRuby on Rails
Product-railsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2017-17916
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1 (HIGH)
EPSS-0.58% / 67.96%
7 Day CHG~0.00%
Published-29 Dec, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the 'find_by' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input

Action-Not Available
Vendor-n/aRuby on Rails
Product-railsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-29644
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1 (HIGH)
EPSS-2.62% / 85.11%
7 Day CHG~0.00%
Published-12 Oct, 2021 | 18:19
Updated-03 Aug, 2024 | 22:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 contains a remote code execution vulnerability because of an Integer Overflow. An attacker with network access to port 31016 may exploit this issue to execute code with unrestricted privileges on the underlying OS.

Action-Not Available
Vendor-n/aHitachi, Ltd.Microsoft Corporation
Product-job_management_partner_1\/it_desktop_management-managerjp1\/remote_control_agentjp1\/it_desktop_management-managerjp1\/it_desktop_management_2-managerjp1\/it_desktop_management_2-operations_directorjob_management_partner_1\/remote_control_agentwindowsjp1\/netdm\/dm_clientjob_management_partner_1\/software_distribution_clientjp1\/netdm\/dm_managerjp1\/netm\/remote_control_agentjob_management_partner_1\/software_distribution_managerjob_management_partner_1\/it_desktop_management_2-managerit_operations_directorjp1\/netdm\/dm_client-remote_control_featuren/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-26109
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-8.1 (HIGH)
EPSS-1.34% / 79.25%
7 Day CHG~0.00%
Published-08 Dec, 2021 | 12:22
Updated-25 Oct, 2024 | 13:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7.0.1 may allow an unauthenticated attacker to corrupt control data on the heap via specifically crafted requests to SSLVPN, resulting in potentially arbitrary code execution.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiosFortinet FortiOS
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-33410
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1 (HIGH)
EPSS-0.14% / 35.06%
7 Day CHG~0.00%
Published-06 May, 2024 | 00:00
Updated-25 Mar, 2025 | 17:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in /model/delete_range_grade.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-n/aCampCodes
Product-complete_web-based_school_management_systemn/acomplete_web-based_school_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')