CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-8806

The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 45.6%

CVSS Severity

CVSS v3 Score 5.5

CVSS v2 Score 3.6

References

Products affected by CVE-2017-8806

Postgresql » Postgresql » Version: N/A

cpe:2.3:a:postgresql:postgresql:-
Canonical » Ubuntu Linux » Version: 14.04

cpe:2.3:o:canonical:ubuntu_linux:14.04
Canonical » Ubuntu Linux » Version: 16.04

cpe:2.3:o:canonical:ubuntu_linux:16.04
Canonical » Ubuntu Linux » Version: 17.04

cpe:2.3:o:canonical:ubuntu_linux:17.04
Canonical » Ubuntu Linux » Version: 17.10

cpe:2.3:o:canonical:ubuntu_linux:17.10
Debian » Debian Linux » Version: 8.0

cpe:2.3:o:debian:debian_linux:8.0
Debian » Debian Linux » Version: 9.0

cpe:2.3:o:debian:debian_linux:9.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-8806

Products

Pricing

Contact Us