[Forgot Password]
Login  Register Subscribe

24128

 
 

131573

 
 

110210

 
 

909

 
 

86021

 
 

136

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2007-4769Date: (C)2008-01-09   (M)2018-06-02


The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : CVSS Score : 6.8
Exploit Score: Exploit Score: 8.0
Impact Score: Impact Score: 6.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: Access Vector: NETWORK
Attack Complexity: Access Complexity: LOW
Privileges Required: Authentication: SINGLE_INSTANCE
User Interaction: Confidentiality: NONE
Scope: Integrity: NONE
Confidentiality: Availability: COMPLETE
Integrity:  
Availability:  
  
Reference:
SECTRACK-1019157
SUNALERT-103197
SUNALERT-200559
http://www.securityfocus.com/archive/1/archive/1/485864/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/486407/100/0/threaded
BID-27163
SECUNIA-28359
SECUNIA-28376
SECUNIA-28437
SECUNIA-28438
SECUNIA-28454
SECUNIA-28455
SECUNIA-28464
SECUNIA-28477
SECUNIA-28479
SECUNIA-28679
SECUNIA-28698
SECUNIA-29638
ADV-2008-0061
ADV-2008-0109
ADV-2008-1071
DSA-1460
DSA-1463
FEDORA-2008-0478
FEDORA-2008-0552
GLSA-200801-15
HPSBTU02325
MDVSA-2008:004
RHSA-2008:0038
RHSA-2008:0040
SSRT080006
SUSE-SA:2008:005
USN-568-1
http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894
http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894
http://www.postgresql.org/about/news.905
https://issues.rpath.com/browse/RPL-1768
postgresql-backref-dos(39499)

CPE    40
cpe:/a:postgresql:postgresql:7.4.10
cpe:/a:postgresql:postgresql:7.4.9
cpe:/a:postgresql:postgresql:7.4.11
cpe:/a:postgresql:postgresql:7.4.8
...
CWE    1
CWE-189
OVAL    3
oval:org.mitre.oval:def:7844
oval:org.mitre.oval:def:8199
oval:org.secpod.oval:def:301295

© SecPod Technologies