CVE-2010-4015

Date: (C)2011-02-01   (M)2017-08-18
 
CVSS Score: 6.5
Exploitability Subscore: 8.0
Impact Subscore: 6.4
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Buffer overflow in the gettoken function in contrib/intarray/_int_bool.c in the intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.20 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via integers with a large number of digits to unspecified functions.

Reference:
SECUNIA-43144
SECUNIA-43154
SECUNIA-43155
SECUNIA-43187
SECUNIA-43188
SECUNIA-43240
BID-46084
OSVDB-70740
ADV-2011-0262
ADV-2011-0278
ADV-2011-0283
ADV-2011-0287
ADV-2011-0299
ADV-2011-0303
ADV-2011-0349
DSA-2157
FEDORA-2011-0963
FEDORA-2011-0990
IAVM:2012-A-0136
MDVSA-2011:021
RHSA-2011:0197
RHSA-2011:0198
SSRT100617
SUSE-SR:2011:005
USN-1058-1
http://git.postgresql.org/gitweb?p=postgresql.git;a=commitdiff;h=7ccb6dc2d3e266a551827bb99179708580f72431
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://www.postgresql.org/about/news.1289
http://www.postgresql.org/support/security
postgresql-gettoken-buffer-overflow(65060)

CPE    43
cpe:/a:postgresql:postgresql:8.2.18
cpe:/a:postgresql:postgresql:8.3.12
cpe:/a:postgresql:postgresql:8.3.13
cpe:/a:postgresql:postgresql:8.2.9
...
CWE    1
CWE-189
OVAL    26
oval:org.secpod.oval:def:1000164
oval:org.secpod.oval:def:1000082
oval:org.secpod.oval:def:1000159
oval:org.secpod.oval:def:200216
...

© 2013 SecPod Technologies