UBUNTU-CVE-2025-1094
- Source
- https://ubuntu.com/security/CVE-2025-1094
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-1094.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-1094
- Upstream
- Downstream
- Related
- Published
- 2025-02-13T13:15:00Z
- Modified
- 2025-09-08T17:06:48Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the function result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when clientencoding is BIG5 and serverencoding is one of EUCTW or MULEINTERNAL. Versions before PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19 are affected.
- References
-
- https://ubuntu.com/security/CVE-2025-1094
- https://www.cve.org/CVERecord?id=CVE-2025-1094
- https://lists.debian.org/debian-lts-announce/2025/02/msg00015.html
- https://www.postgresql.org/support/security/CVE-2025-1094/
- https://ubuntu.com/security/notices/USN-7315-1
- https://ubuntu.com/security/notices/USN-7315-2
Affected packages
Ubuntu:20.04:LTS
postgresql-12
Package
- Name
- postgresql-12
- Purl
- pkg:deb/ubuntu/postgresql-12@12.22-0ubuntu0.20.04.2?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed12.22-0ubuntu0.20.04.2
Affected versions
12.*
12.0-1
12.1-1
12.1-2build1
12.2-1
12.2-1ubuntu2
12.2-4
12.4-0ubuntu0.20.04.1
12.5-0ubuntu0.20.04.1
12.6-0ubuntu0.20.04.1
12.7-0ubuntu0.20.04.1
12.8-0ubuntu0.20.04.1
12.9-0ubuntu0.20.04.1
12.10-0ubuntu0.20.04.1
12.11-0ubuntu0.20.04.1
12.12-0ubuntu0.20.04.1
12.13-0ubuntu0.20.04.1
12.14-0ubuntu0.20.04.1
12.15-0ubuntu0.20.04.1
12.16-0ubuntu0.20.04.1
12.17-0ubuntu0.20.04.1
12.18-0ubuntu0.20.04.1
12.19-0ubuntu0.20.04.1
12.20-0ubuntu0.20.04.1
12.22-0ubuntu0.20.04.1
Ecosystem specific
{
"binaries": [
{
"binary_version": "12.22-0ubuntu0.20.04.2",
"binary_name": "libecpg-compat3"
},
{
"binary_version": "12.22-0ubuntu0.20.04.2",
"binary_name": "libecpg-dev"
},
{
"binary_version": "12.22-0ubuntu0.20.04.2",
"binary_name": "libecpg6"
},
{
"binary_version": "12.22-0ubuntu0.20.04.2",
"binary_name": "libpgtypes3"
},
{
"binary_version": "12.22-0ubuntu0.20.04.2",
"binary_name": "libpq-dev"
},
{
"binary_version": "12.22-0ubuntu0.20.04.2",
"binary_name": "libpq5"
},
{
"binary_version": "12.22-0ubuntu0.20.04.2",
"binary_name": "postgresql-12"
},
{
"binary_version": "12.22-0ubuntu0.20.04.2",
"binary_name": "postgresql-client-12"
},
{
"binary_version": "12.22-0ubuntu0.20.04.2",
"binary_name": "postgresql-doc-12"
},
{
"binary_version": "12.22-0ubuntu0.20.04.2",
"binary_name": "postgresql-plperl-12"
},
{
"binary_version": "12.22-0ubuntu0.20.04.2",
"binary_name": "postgresql-plpython3-12"
},
{
"binary_version": "12.22-0ubuntu0.20.04.2",
"binary_name": "postgresql-pltcl-12"
},
{
"binary_version": "12.22-0ubuntu0.20.04.2",
"binary_name": "postgresql-server-dev-12"
}
],
"availability": "No subscription required"
}Ubuntu:22.04:LTS
postgresql-14
Package
- Name
- postgresql-14
- Purl
- pkg:deb/ubuntu/postgresql-14@14.17-0ubuntu0.22.04.1?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed14.17-0ubuntu0.22.04.1
Affected versions
14.*
14.1-1ubuntu1
14.2-1
14.2-1ubuntu1
14.3-0ubuntu0.22.04.1
14.4-0ubuntu0.22.04.1
14.5-0ubuntu0.22.04.1
14.6-0ubuntu0.22.04.1
14.7-0ubuntu0.22.04.1
14.8-0ubuntu0.22.04.1
14.9-0ubuntu0.22.04.1
14.10-0ubuntu0.22.04.1
14.11-0ubuntu0.22.04.1
14.12-0ubuntu0.22.04.1
14.13-0ubuntu0.22.04.1
14.15-0ubuntu0.22.04.1
Ecosystem specific
{
"binaries": [
{
"binary_version": "14.17-0ubuntu0.22.04.1",
"binary_name": "libecpg-compat3"
},
{
"binary_version": "14.17-0ubuntu0.22.04.1",
"binary_name": "libecpg-dev"
},
{
"binary_version": "14.17-0ubuntu0.22.04.1",
"binary_name": "libecpg6"
},
{
"binary_version": "14.17-0ubuntu0.22.04.1",
"binary_name": "libpgtypes3"
},
{
"binary_version": "14.17-0ubuntu0.22.04.1",
"binary_name": "libpq-dev"
},
{
"binary_version": "14.17-0ubuntu0.22.04.1",
"binary_name": "libpq5"
},
{
"binary_version": "14.17-0ubuntu0.22.04.1",
"binary_name": "postgresql-14"
},
{
"binary_version": "14.17-0ubuntu0.22.04.1",
"binary_name": "postgresql-client-14"
},
{
"binary_version": "14.17-0ubuntu0.22.04.1",
"binary_name": "postgresql-doc-14"
},
{
"binary_version": "14.17-0ubuntu0.22.04.1",
"binary_name": "postgresql-plperl-14"
},
{
"binary_version": "14.17-0ubuntu0.22.04.1",
"binary_name": "postgresql-plpython3-14"
},
{
"binary_version": "14.17-0ubuntu0.22.04.1",
"binary_name": "postgresql-pltcl-14"
},
{
"binary_version": "14.17-0ubuntu0.22.04.1",
"binary_name": "postgresql-server-dev-14"
}
],
"availability": "No subscription required"
}Ubuntu:24.04:LTS
postgresql-16
Package
- Name
- postgresql-16
- Purl
- pkg:deb/ubuntu/postgresql-16@16.8-0ubuntu0.24.04.1?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed16.8-0ubuntu0.24.04.1
Affected versions
16.*
16.0-2
16.1-1
16.1-1build1
16.1-1build3
16.2-1
16.2-1ubuntu2
16.2-1ubuntu3
16.2-1ubuntu4
16.3-0ubuntu0.24.04.1
16.4-0ubuntu0.24.04.1
16.4-0ubuntu0.24.04.2
16.6-0ubuntu0.24.04.1
Ecosystem specific
{
"binaries": [
{
"binary_version": "16.8-0ubuntu0.24.04.1",
"binary_name": "libecpg-compat3"
},
{
"binary_version": "16.8-0ubuntu0.24.04.1",
"binary_name": "libecpg-dev"
},
{
"binary_version": "16.8-0ubuntu0.24.04.1",
"binary_name": "libecpg6"
},
{
"binary_version": "16.8-0ubuntu0.24.04.1",
"binary_name": "libpgtypes3"
},
{
"binary_version": "16.8-0ubuntu0.24.04.1",
"binary_name": "libpq-dev"
},
{
"binary_version": "16.8-0ubuntu0.24.04.1",
"binary_name": "libpq5"
},
{
"binary_version": "16.8-0ubuntu0.24.04.1",
"binary_name": "postgresql-16"
},
{
"binary_version": "16.8-0ubuntu0.24.04.1",
"binary_name": "postgresql-client-16"
},
{
"binary_version": "16.8-0ubuntu0.24.04.1",
"binary_name": "postgresql-doc-16"
},
{
"binary_version": "16.8-0ubuntu0.24.04.1",
"binary_name": "postgresql-plperl-16"
},
{
"binary_version": "16.8-0ubuntu0.24.04.1",
"binary_name": "postgresql-plpython3-16"
},
{
"binary_version": "16.8-0ubuntu0.24.04.1",
"binary_name": "postgresql-pltcl-16"
},
{
"binary_version": "16.8-0ubuntu0.24.04.1",
"binary_name": "postgresql-server-dev-16"
}
],
"availability": "No subscription required"
}Ubuntu:Pro:14.04:LTS
postgresql-9.3
Package
- Name
- postgresql-9.3
- Purl
- pkg:deb/ubuntu/postgresql-9.3@9.3.24-0ubuntu0.14.04+esm1?arch=source&distro=esm-infra-legacy/trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
9.*
9.3.1-1
9.3.2-1
9.3.2-1ubuntu1
9.3.2-1ubuntu2
9.3.3-1
9.3.3-1bzr1
9.3.3-1bzr2
9.3.4-1
9.3.5-0ubuntu0.14.04.1
9.3.6-0ubuntu0.14.04
9.3.7-0ubuntu0.14.04
9.3.8-0ubuntu0.4.04
9.3.9-0ubuntu0.14.04
9.3.10-0ubuntu0.14.04
9.3.11-0ubuntu0.14.04
9.3.12-0ubuntu0.14.04
9.3.13-0ubuntu0.14.04
9.3.14-0ubuntu0.14.04
9.3.15-0ubuntu0.14.04
9.3.16-0ubuntu0.14.04
9.3.17-0ubuntu0.14.04
9.3.18-0ubuntu0.14.04.1
9.3.19-0ubuntu0.14.04
9.3.20-0ubuntu0.14.04
9.3.21-0ubuntu0.14.04
9.3.22-0ubuntu0.14.04
9.3.23-0ubuntu0.14.04
9.3.24-0ubuntu0.14.04
9.3.24-0ubuntu0.14.04+esm1
Ecosystem specific
{
"binaries": [
{
"binary_version": "9.3.24-0ubuntu0.14.04+esm1",
"binary_name": "libecpg-compat3"
},
{
"binary_version": "9.3.24-0ubuntu0.14.04+esm1",
"binary_name": "libecpg-dev"
},
{
"binary_version": "9.3.24-0ubuntu0.14.04+esm1",
"binary_name": "libecpg6"
},
{
"binary_version": "9.3.24-0ubuntu0.14.04+esm1",
"binary_name": "libpgtypes3"
},
{
"binary_version": "9.3.24-0ubuntu0.14.04+esm1",
"binary_name": "libpq-dev"
},
{
"binary_version": "9.3.24-0ubuntu0.14.04+esm1",
"binary_name": "libpq5"
},
{
"binary_version": "9.3.24-0ubuntu0.14.04+esm1",
"binary_name": "postgresql-9.3"
},
{
"binary_version": "9.3.24-0ubuntu0.14.04+esm1",
"binary_name": "postgresql-client-9.3"
},
{
"binary_version": "9.3.24-0ubuntu0.14.04+esm1",
"binary_name": "postgresql-contrib-9.3"
},
{
"binary_version": "9.3.24-0ubuntu0.14.04+esm1",
"binary_name": "postgresql-doc-9.3"
},
{
"binary_version": "9.3.24-0ubuntu0.14.04+esm1",
"binary_name": "postgresql-plperl-9.3"
},
{
"binary_version": "9.3.24-0ubuntu0.14.04+esm1",
"binary_name": "postgresql-plpython-9.3"
},
{
"binary_version": "9.3.24-0ubuntu0.14.04+esm1",
"binary_name": "postgresql-plpython3-9.3"
},
{
"binary_version": "9.3.24-0ubuntu0.14.04+esm1",
"binary_name": "postgresql-pltcl-9.3"
},
{
"binary_version": "9.3.24-0ubuntu0.14.04+esm1",
"binary_name": "postgresql-server-dev-9.3"
}
]
}Ubuntu:Pro:16.04:LTS
postgresql-9.5
Package
- Name
- postgresql-9.5
- Purl
- pkg:deb/ubuntu/postgresql-9.5@9.5.25-0ubuntu0.16.04.1+esm10?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
9.*
9.5.0-1
9.5.0-2
9.5.0-3
9.5.1-1
9.5.2-1
9.5.3-0ubuntu0.16.04
9.5.4-0ubuntu0.16.04
9.5.5-0ubuntu0.16.04
9.5.6-0ubuntu0.16.04
9.5.7-0ubuntu0.16.04
9.5.8-0ubuntu0.16.04.1
9.5.9-0ubuntu0.16.04
9.5.10-0ubuntu0.16.04
9.5.11-0ubuntu0.16.04
9.5.12-0ubuntu0.16.04
9.5.13-0ubuntu0.16.04
9.5.14-0ubuntu0.16.04
9.5.16-0ubuntu0.16.04.1
9.5.17-0ubuntu0.16.04.1
9.5.18-0ubuntu0.16.04.1
9.5.19-0ubuntu0.16.04.1
9.5.21-0ubuntu0.16.04.1
9.5.23-0ubuntu0.16.04.1
9.5.24-0ubuntu0.16.04.1
9.5.25-0ubuntu0.16.04.1
9.5.25-0ubuntu0.16.04.1+esm1
9.5.25-0ubuntu0.16.04.1+esm2
9.5.25-0ubuntu0.16.04.1+esm3
9.5.25-0ubuntu0.16.04.1+esm4
9.5.25-0ubuntu0.16.04.1+esm5
9.5.25-0ubuntu0.16.04.1+esm6
9.5.25-0ubuntu0.16.04.1+esm7
9.5.25-0ubuntu0.16.04.1+esm8
9.5.25-0ubuntu0.16.04.1+esm10
Ecosystem specific
{
"binaries": [
{
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10",
"binary_name": "libecpg-compat3"
},
{
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10",
"binary_name": "libecpg-dev"
},
{
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10",
"binary_name": "libecpg6"
},
{
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10",
"binary_name": "libpgtypes3"
},
{
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10",
"binary_name": "libpq-dev"
},
{
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10",
"binary_name": "libpq5"
},
{
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10",
"binary_name": "postgresql-9.5"
},
{
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10",
"binary_name": "postgresql-client-9.5"
},
{
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10",
"binary_name": "postgresql-contrib-9.5"
},
{
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10",
"binary_name": "postgresql-doc-9.5"
},
{
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10",
"binary_name": "postgresql-plperl-9.5"
},
{
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10",
"binary_name": "postgresql-plpython-9.5"
},
{
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10",
"binary_name": "postgresql-plpython3-9.5"
},
{
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10",
"binary_name": "postgresql-pltcl-9.5"
},
{
"binary_version": "9.5.25-0ubuntu0.16.04.1+esm10",
"binary_name": "postgresql-server-dev-9.5"
}
]
}Ubuntu:Pro:18.04:LTS
postgresql-10
Package
- Name
- postgresql-10
- Purl
- pkg:deb/ubuntu/postgresql-10@10.23-0ubuntu0.18.04.2+esm3?arch=source&distro=esm-infra/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed10.23-0ubuntu0.18.04.2+esm3
Affected versions
10.*
10.1-1
10.1-2
10.2-1
10.3-1
10.4-0ubuntu0.18.04
10.5-0ubuntu0.18.04
10.6-0ubuntu0.18.04.1
10.7-0ubuntu0.18.04.1
10.8-0ubuntu0.18.04.1
10.9-0ubuntu0.18.04.1
10.10-0ubuntu0.18.04.1
10.12-0ubuntu0.18.04.1
10.14-0ubuntu0.18.04.1
10.15-0ubuntu0.18.04.1
10.16-0ubuntu0.18.04.1
10.17-0ubuntu0.18.04.1
10.18-0ubuntu0.18.04.1
10.19-0ubuntu0.18.04.1
10.20-0ubuntu0.18.04.1
10.21-0ubuntu0.18.04.1
10.22-0ubuntu0.18.04.1
10.23-0ubuntu0.18.04.1
10.23-0ubuntu0.18.04.2
10.23-0ubuntu0.18.04.2+esm1
10.23-0ubuntu0.18.04.2+esm2
Ecosystem specific
{
"binaries": [
{
"binary_version": "10.23-0ubuntu0.18.04.2+esm3",
"binary_name": "libecpg-compat3"
},
{
"binary_version": "10.23-0ubuntu0.18.04.2+esm3",
"binary_name": "libecpg-dev"
},
{
"binary_version": "10.23-0ubuntu0.18.04.2+esm3",
"binary_name": "libecpg6"
},
{
"binary_version": "10.23-0ubuntu0.18.04.2+esm3",
"binary_name": "libpgtypes3"
},
{
"binary_version": "10.23-0ubuntu0.18.04.2+esm3",
"binary_name": "libpq-dev"
},
{
"binary_version": "10.23-0ubuntu0.18.04.2+esm3",
"binary_name": "libpq5"
},
{
"binary_version": "10.23-0ubuntu0.18.04.2+esm3",
"binary_name": "postgresql-10"
},
{
"binary_version": "10.23-0ubuntu0.18.04.2+esm3",
"binary_name": "postgresql-client-10"
},
{
"binary_version": "10.23-0ubuntu0.18.04.2+esm3",
"binary_name": "postgresql-doc-10"
},
{
"binary_version": "10.23-0ubuntu0.18.04.2+esm3",
"binary_name": "postgresql-plperl-10"
},
{
"binary_version": "10.23-0ubuntu0.18.04.2+esm3",
"binary_name": "postgresql-plpython-10"
},
{
"binary_version": "10.23-0ubuntu0.18.04.2+esm3",
"binary_name": "postgresql-plpython3-10"
},
{
"binary_version": "10.23-0ubuntu0.18.04.2+esm3",
"binary_name": "postgresql-pltcl-10"
},
{
"binary_version": "10.23-0ubuntu0.18.04.2+esm3",
"binary_name": "postgresql-server-dev-10"
}
],
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}