
pygresql / mysql-ocaml / postgresql-ocaml SQL injection
Published: 15.10.2009
Source:
SecurityVulns ID: 10324
Type: library
Threat Level: 6/10
Description: Text escaping functions are not called for multibyte charsets.
Affected: PYGRESQL : pygresql 4.0
 MYSQL : mysql-ocaml 1.0
 POSTGRES : postgresql-ocaml 1.7
CVE: CVE-2009-2943 (The postgresql-ocaml bindings 1.5.4, 1.7.0, and 1.12.1 for PostgreSQL libpq do not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.)
 CVE-2009-2942 (The mysql-ocaml bindings 1.0.4 for MySQL do not properly support the mysql_real_escape_string function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.)
 CVE-2009-2940 (The pygresql module 3.8.1 and 4.0 for Python does not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.)
Original document: DEBIAN, [SECURITY] [DSA 1911-1] New pygresql packages provide secure escaping (15.10.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod