{
  "threat_severity" : "Important",
  "public_date" : "2018-11-08T00:00:00Z",
  "bugzilla" : {
    "description" : "postgresql: SQL injection in pg_upgrade and pg_dump, via CREATE TRIGGER ... REFERENCING",
    "id" : "1645937",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1645937"
  },
  "cvss3" : {
    "cvss3_base_score" : "8.0",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-89",
  "details" : [ "postgresql before versions 11.1 and 10.6 is vulnerable to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges.", "A SQL Injection flaw has been discovered in PostgreSQL server in the way triggers that enable transition relations are dumped. The transition relation name is not correctly quoted and it may allow an attacker with CREATE privilege on some non-temporary schema or TRIGGER privilege on some table to create a malicious trigger that, when dumped and restored, would result in additional SQL statements being executed." ],
  "statement" : "This issue did not affect the versions of postgresql as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they did not include support for triggers with `referencing` syntax, which was added in a later version of the program.\nIt also doesn't affect the versions of postgresql shipped with CloudForms 4.2, 4.5 and 4.6, and Satellite 5, for the same reason as above.\nThis issue did not affect the versions of postgresql shipped within Tower, as there is no code path for Tower users to call the CREATE statement.",
  "affected_release" : [ {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7",
    "release_date" : "2018-12-03T00:00:00Z",
    "advisory" : "RHSA-2018:3757",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7",
    "package" : "rh-postgresql10-postgresql-0:10.6-1.el7"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS",
    "release_date" : "2018-12-03T00:00:00Z",
    "advisory" : "RHSA-2018:3757",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7",
    "package" : "rh-postgresql10-postgresql-0:10.6-1.el7"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS",
    "release_date" : "2018-12-03T00:00:00Z",
    "advisory" : "RHSA-2018:3757",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7",
    "package" : "rh-postgresql10-postgresql-0:10.6-1.el7"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS",
    "release_date" : "2018-12-03T00:00:00Z",
    "advisory" : "RHSA-2018:3757",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7",
    "package" : "rh-postgresql10-postgresql-0:10.6-1.el7"
  } ],
  "package_state" : [ {
    "product_name" : "CloudForms Management Engine 5",
    "fix_state" : "Not affected",
    "package_name" : "postgresql96",
    "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5"
  }, {
    "product_name" : "Red Hat Ansible Tower 3",
    "fix_state" : "Not affected",
    "package_name" : "postgresql96-libs",
    "cpe" : "cpe:/a:redhat:ansible_tower:3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "postgresql",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "postgresql",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "postgresql",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "libpq",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "postgresql",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Satellite 5",
    "fix_state" : "Not affected",
    "package_name" : "rh-postgresql95-postgresql",
    "cpe" : "cpe:/a:redhat:network_satellite:5"
  }, {
    "product_name" : "Red Hat Software Collections",
    "fix_state" : "Not affected",
    "package_name" : "rh-postgresql95-postgresql",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3"
  }, {
    "product_name" : "Red Hat Software Collections",
    "fix_state" : "Not affected",
    "package_name" : "rh-postgresql96-postgresql",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3"
  }, {
    "product_name" : "Red Hat Virtualization 4",
    "fix_state" : "Not affected",
    "package_name" : "postgresql",
    "cpe" : "cpe:/o:redhat:rhev_hypervisor:4"
  }, {
    "product_name" : "Red Hat Virtualization 4",
    "fix_state" : "Not affected",
    "package_name" : "rh-postgresql95-postgresql",
    "cpe" : "cpe:/o:redhat:rhev_hypervisor:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2018-16850\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16850\nhttps://www.postgresql.org/about/news/1905/" ],
  "name" : "CVE-2018-16850",
  "csaw" : false
}