CyberSec.Space Logo
Back to CVE Browser

CVE-2005-3656

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0510%
EPSS Percentile17.47th
PublishedDec 31, 2005
Last ModifiedApr 16, 2026

Vulnerability Description

Multiple format string vulnerabilities in logging functions in mod_auth_pgsql before 2.0.3, when used for user authentication against a PostgreSQL database, allows remote unauthenticated attackers to execute arbitrary code, as demonstrated via the username.

Affected Platforms (CPE)

πŸ“¦
Guiseppe Tanzilli And Matthias Eckermann

Mod Auth Pgsql

<= 2.0.3
πŸ“¦
Guiseppe Tanzilli And Matthias Eckermann

Mod Auth Pgsql

= 0.9.5
πŸ“¦
Guiseppe Tanzilli And Matthias Eckermann

Mod Auth Pgsql

= 0.9.6

References & Advisories

πŸ”— ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
πŸ”— http://secunia.com/advisories/18304
πŸ”— http://secunia.com/advisories/18321
πŸ”— http://secunia.com/advisories/18347
πŸ”— http://secunia.com/advisories/18348
πŸ”— http://secunia.com/advisories/18350
πŸ”— http://secunia.com/advisories/18397
πŸ”— http://secunia.com/advisories/18403

Related Vulnerabilities

CVE-2001-13797.5

The PostgreSQL authentication modules (1) mod_auth_pgsql 0.9.5, and (2) mod_auth_pgsql_sys 0.9.4, allow remote attackers to bypass...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...

CVE-2026-121895.3

A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzm...