The postgresql-ocaml bindings 1.5.4, 1.7.0, and 1.12.1 for PostgreSQL libpq do not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Postgresql-ocaml | Ocaml | 1.5.4 (including) | 1.5.4 (including) |
Postgresql-ocaml | Ocaml | 1.7.0 (including) | 1.7.0 (including) |
Postgresql-ocaml | Ocaml | 1.12.1 (including) | 1.12.1 (including) |
Postgresql-ocaml | Ubuntu | dapper | * |
Postgresql-ocaml | Ubuntu | hardy | * |
Postgresql-ocaml | Ubuntu | intrepid | * |
Postgresql-ocaml | Ubuntu | jaunty | * |
Postgresql-ocaml | Ubuntu | karmic | * |
Postgresql-ocaml | Ubuntu | upstream | * |