CVE

CVE-2007-0555

Date: (C)2007-02-05   (M)2023-12-22

PostgreSQL 7.3 before 7.3.13, 7.4 before 7.4.16, 8.0 before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 allows attackers to disable certain checks for the data types of SQL function arguments, which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 8.5
Exploit Score: 8.0
Impact Score: 9.2
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality: COMPLETE
Integrity: NONE
Availability: COMPLETE

Reference:

SECTRACK-1017597

SUNALERT-102825

2007-0007

20070201-01-P

http://www.securityfocus.com/archive/1/459280/100/0/threaded

http://www.securityfocus.com/archive/1/459448/100/0/threaded

BID-22387

SECUNIA-24028

SECUNIA-24033

SECUNIA-24042

SECUNIA-24050

SECUNIA-24057

SECUNIA-24094

SECUNIA-24151

SECUNIA-24158

SECUNIA-24284

SECUNIA-24315

SECUNIA-24513

SECUNIA-24577

SECUNIA-25220

OSVDB-33087

ADV-2007-0478

ADV-2007-0774

DSA-1261

FEDORA-2007-198

GLSA-200703-15

MDKSA-2007:037

RHSA-2007:0064

RHSA-2007:0067

RHSA-2007:0068

SUSE-SR:2007:010

USN-417-1

USN-417-2

http://lists.rpath.com/pipermail/security-announce/2007-February/000141.html

http://support.avaya.com/elmodocs2/security/ASA-2007-117.htm

http://www.postgresql.org/support/security

https://issues.rpath.com/browse/RPL-1025

https://issues.rpath.com/browse/RPL-830

oval:org.mitre.oval:def:9739

postgresql-sqlfunctions-info-disclosure(32195)