Fluid Attacks Database

Description

SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	courier-authlib	>=0 <0.61.0-1+lenny1	0.61.0-1+lenny1
debian 11	courier-authlib	>=0 <0.61.0-1+lenny1	0.61.0-1+lenny1
debian 12	courier-authlib	>=0 <0.61.0-1+lenny1	0.61.0-1+lenny1
debian 14	courier-authlib	>=0 <0.61.0-1+lenny1	0.61.0-1+lenny1

Aliases

1. CVE-2008-23802. NVD-2008-23803. OSV-DEBIAN-2008-23804. OSV-2008-23805. SECURITY-TRACKER-CVE-2008-2380

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.