Endpoint Vulnerability

PostgreSQL: Certain nested CASE/WHEN expressions can crash server

Description

A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code.

Affected Products

PostgreSQL

References

CVE-2016-5423,