1. Home
  2. CVE Database
  3. CVE-2013-1900
HIGH · 8.5

CVE-2013-1900

PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated use...

Vulnerability Description

PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the "contrib/pgcrypto functions."

CVSS Score

8.5

HIGH

AV:N/AC:M/Au:S/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
PostgresqlPostgresql9.2
CanonicalUbuntu Linux8.04

Related Weaknesses (CWE)

CWE-189

References

FAQ

What is CVE-2013-1900?

CVE-2013-1900 is a vulnerability with a CVSS score of 8.5 (HIGH). PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated use...

How severe is CVE-2013-1900?

CVE-2013-1900 has been rated HIGH with a CVSS base score of 8.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-1900?

Check the references section above for vendor advisories and patch information. Affected products include: Postgresql Postgresql, Canonical Ubuntu Linux.