Bug 2345548 (CVE-2025-1094) - CVE-2025-1094 postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation
Summary: CVE-2025-1094 postgresql: PostgreSQL quoting APIs miss neutralizing quoting s...
Keywords:
Status: NEW
Alias: CVE-2025-1094
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2345571 2345572 2345573 2345706 2345568 2345569 2345570 2345705
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-02-13 14:01 UTC by OSIDB Bzimport
Modified: 2025-04-17 07:13 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2025:1760 0 None None None 2025-02-24 08:06:22 UTC
Red Hat Product Errata RHBA-2025:1761 0 None None None 2025-02-24 09:24:45 UTC
Red Hat Product Errata RHBA-2025:1762 0 None None None 2025-02-24 09:49:33 UTC
Red Hat Product Errata RHBA-2025:1769 0 None None None 2025-02-24 15:21:10 UTC
Red Hat Product Errata RHBA-2025:1864 0 None None None 2025-02-25 20:25:26 UTC
Red Hat Product Errata RHBA-2025:1868 0 None None None 2025-02-26 13:30:15 UTC
Red Hat Product Errata RHBA-2025:1932 0 None None None 2025-02-27 16:20:59 UTC
Red Hat Product Errata RHBA-2025:1935 0 None None None 2025-02-27 17:23:26 UTC
Red Hat Product Errata RHBA-2025:1936 0 None None None 2025-02-27 17:30:54 UTC
Red Hat Product Errata RHBA-2025:1937 0 None None None 2025-02-27 18:52:52 UTC
Red Hat Product Errata RHBA-2025:3133 0 None None None 2025-03-25 08:44:31 UTC
Red Hat Product Errata RHSA-2025:1720 0 None None None 2025-02-20 14:47:14 UTC
Red Hat Product Errata RHSA-2025:1721 0 None None None 2025-02-20 15:00:41 UTC
Red Hat Product Errata RHSA-2025:1722 0 None None None 2025-02-20 14:58:42 UTC
Red Hat Product Errata RHSA-2025:1723 0 None None None 2025-02-20 15:04:57 UTC
Red Hat Product Errata RHSA-2025:1724 0 None None None 2025-02-20 15:05:43 UTC
Red Hat Product Errata RHSA-2025:1725 0 None None None 2025-02-20 14:53:11 UTC
Red Hat Product Errata RHSA-2025:1726 0 None None None 2025-02-20 15:43:23 UTC
Red Hat Product Errata RHSA-2025:1727 0 None None None 2025-02-20 15:43:34 UTC
Red Hat Product Errata RHSA-2025:1728 0 None None None 2025-02-20 15:02:12 UTC
Red Hat Product Errata RHSA-2025:1729 0 None None None 2025-02-20 15:42:11 UTC
Red Hat Product Errata RHSA-2025:1730 0 None None None 2025-02-20 15:44:02 UTC
Red Hat Product Errata RHSA-2025:1731 0 None None None 2025-02-20 15:44:37 UTC
Red Hat Product Errata RHSA-2025:1732 0 None None None 2025-02-20 15:43:04 UTC
Red Hat Product Errata RHSA-2025:1733 0 None None None 2025-02-20 15:41:30 UTC
Red Hat Product Errata RHSA-2025:1735 0 None None None 2025-02-20 16:19:32 UTC
Red Hat Product Errata RHSA-2025:1736 0 None None None 2025-02-20 16:56:51 UTC
Red Hat Product Errata RHSA-2025:1737 0 None None None 2025-02-20 16:57:34 UTC
Red Hat Product Errata RHSA-2025:1738 0 None None None 2025-02-20 16:26:49 UTC
Red Hat Product Errata RHSA-2025:1739 0 None None None 2025-02-20 17:25:27 UTC
Red Hat Product Errata RHSA-2025:1740 0 None None None 2025-02-20 17:08:14 UTC
Red Hat Product Errata RHSA-2025:1741 0 None None None 2025-02-20 17:07:05 UTC
Red Hat Product Errata RHSA-2025:1742 0 None None None 2025-02-20 16:59:38 UTC
Red Hat Product Errata RHSA-2025:1743 0 None None None 2025-02-20 17:03:43 UTC
Red Hat Product Errata RHSA-2025:1744 0 None None None 2025-02-20 17:22:49 UTC
Red Hat Product Errata RHSA-2025:1745 0 None None None 2025-02-20 17:45:49 UTC
Red Hat Product Errata RHSA-2025:3050 0 None None None 2025-03-20 04:33:35 UTC
Red Hat Product Errata RHSA-2025:3062 0 None None None 2025-03-20 07:24:55 UTC
Red Hat Product Errata RHSA-2025:3063 0 None None None 2025-03-20 07:31:38 UTC
Red Hat Product Errata RHSA-2025:3064 0 None None None 2025-03-20 07:47:13 UTC
Red Hat Product Errata RHSA-2025:3082 0 None None None 2025-03-20 14:54:17 UTC
Red Hat Product Errata RHSA-2025:3978 0 None None None 2025-04-17 07:13:22 UTC

Description OSIDB Bzimport 2025-02-13 14:01:01 UTC 
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns.  Specifically, SQL injection requires the application to use the function result to construct input to psql, the PostgreSQL interactive terminal.  Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when client_encoding is BIG5 and server_encoding is one of EUC_TW or MULE_INTERNAL.  Versions before PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19 are affected.
Comment 4 Bojan Smojver 2025-02-20 01:19:24 UTC 
No patches yet? Not even Fedora rebuilds?
Comment 5 errata-xmlrpc 2025-02-20 14:47:13 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2025:1720 https://access.redhat.com/errata/RHSA-2025:1720
Comment 6 errata-xmlrpc 2025-02-20 14:53:09 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:1725 https://access.redhat.com/errata/RHSA-2025:1725
Comment 7 errata-xmlrpc 2025-02-20 14:58:41 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2025:1722 https://access.redhat.com/errata/RHSA-2025:1722
Comment 8 errata-xmlrpc 2025-02-20 15:00:40 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2025:1721 https://access.redhat.com/errata/RHSA-2025:1721
Comment 9 errata-xmlrpc 2025-02-20 15:02:11 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:1728 https://access.redhat.com/errata/RHSA-2025:1728
Comment 10 errata-xmlrpc 2025-02-20 15:04:56 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2025:1723 https://access.redhat.com/errata/RHSA-2025:1723
Comment 11 errata-xmlrpc 2025-02-20 15:05:41 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2025:1724 https://access.redhat.com/errata/RHSA-2025:1724
Comment 12 errata-xmlrpc 2025-02-20 15:41:29 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2025:1733 https://access.redhat.com/errata/RHSA-2025:1733
Comment 13 errata-xmlrpc 2025-02-20 15:42:10 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2025:1729 https://access.redhat.com/errata/RHSA-2025:1729
Comment 14 errata-xmlrpc 2025-02-20 15:43:02 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:1732 https://access.redhat.com/errata/RHSA-2025:1732
Comment 15 errata-xmlrpc 2025-02-20 15:43:22 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:1726 https://access.redhat.com/errata/RHSA-2025:1726
Comment 16 errata-xmlrpc 2025-02-20 15:43:33 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2025:1727 https://access.redhat.com/errata/RHSA-2025:1727
Comment 17 errata-xmlrpc 2025-02-20 15:44:01 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:1730 https://access.redhat.com/errata/RHSA-2025:1730
Comment 18 errata-xmlrpc 2025-02-20 15:44:35 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:1731 https://access.redhat.com/errata/RHSA-2025:1731
Comment 19 errata-xmlrpc 2025-02-20 16:19:31 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions

Via RHSA-2025:1735 https://access.redhat.com/errata/RHSA-2025:1735
Comment 20 errata-xmlrpc 2025-02-20 16:26:48 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:1738 https://access.redhat.com/errata/RHSA-2025:1738
Comment 21 errata-xmlrpc 2025-02-20 16:56:50 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:1736 https://access.redhat.com/errata/RHSA-2025:1736
Comment 22 errata-xmlrpc 2025-02-20 16:57:32 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:1737 https://access.redhat.com/errata/RHSA-2025:1737
Comment 23 errata-xmlrpc 2025-02-20 16:59:37 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:1742 https://access.redhat.com/errata/RHSA-2025:1742
Comment 24 errata-xmlrpc 2025-02-20 17:03:41 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:1743 https://access.redhat.com/errata/RHSA-2025:1743
Comment 25 errata-xmlrpc 2025-02-20 17:07:04 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:1741 https://access.redhat.com/errata/RHSA-2025:1741
Comment 26 errata-xmlrpc 2025-02-20 17:08:12 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:1740 https://access.redhat.com/errata/RHSA-2025:1740
Comment 27 errata-xmlrpc 2025-02-20 17:22:48 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2025:1744 https://access.redhat.com/errata/RHSA-2025:1744
Comment 28 errata-xmlrpc 2025-02-20 17:25:26 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:1739 https://access.redhat.com/errata/RHSA-2025:1739
Comment 29 errata-xmlrpc 2025-02-20 17:45:47 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2025:1745 https://access.redhat.com/errata/RHSA-2025:1745
Comment 30 errata-xmlrpc 2025-03-20 04:33:34 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2025:3050 https://access.redhat.com/errata/RHSA-2025:3050
Comment 31 errata-xmlrpc 2025-03-20 07:24:53 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2025:3062 https://access.redhat.com/errata/RHSA-2025:3062
Comment 32 errata-xmlrpc 2025-03-20 07:31:36 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2025:3063 https://access.redhat.com/errata/RHSA-2025:3063
Comment 33 errata-xmlrpc 2025-03-20 07:47:11 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2025:3064 https://access.redhat.com/errata/RHSA-2025:3064
Comment 34 errata-xmlrpc 2025-03-20 14:54:16 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:3082 https://access.redhat.com/errata/RHSA-2025:3082
Comment 37 errata-xmlrpc 2025-04-17 07:13:21 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2025:3978 https://access.redhat.com/errata/RHSA-2025:3978
Note You need to log in before you can comment on or make changes to this bug.