CVE-2009-2940 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2009-2940

CWE

https://cwe.mitre.org/data/definitions/NVD-Other.html

The pygresql module 3.8.1 and 4.0 for Python does not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.

Affected Software

Name	Vendor	Start Version	End Version
Pygresql	Pygresql	3.8.1 (including)	3.8.1 (including)
Pygresql	Pygresql	4.0 (including)	4.0 (including)
Pygresql	Ubuntu	dapper	*
Pygresql	Ubuntu	hardy	*
Pygresql	Ubuntu	intrepid	*
Pygresql	Ubuntu	upstream	*

References

http://secunia.com/advisories/37046
http://secunia.com/advisories/37654
http://ubuntu.com/usn/usn-870-1
http://www.debian.org/security/2009/dsa-1911
http://www.osvdb.org/59028
http://secunia.com/advisories/37046
http://secunia.com/advisories/37654
http://ubuntu.com/usn/usn-870-1
http://www.debian.org/security/2009/dsa-1911
http://www.osvdb.org/59028