AZL-56791

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-56791.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-56791

Upstream

CVE-2025-1094

Published

2025-02-13T13:15:09Z

Modified

2026-04-21T04:36:12.675911Z

Summary

CVE-2025-1094 affecting package postgresql for versions less than 14.16-1

Details

Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the function result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when clientencoding is BIG5 and serverencoding is one of EUCTW or MULEINTERNAL. Versions before PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19 are affected.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-1094

Affected packages

Azure Linux:2 / postgresql

Package

Name: postgresql
Purl: pkg:rpm/azure-linux/postgresql

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

14.16-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-56791.json"