
CVE-2010-4015
Date: (C)2011-02-01   (M)2018-02-19


Buffer overflow in the gettoken function in contrib/intarray/_int_bool.c in the intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.20 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via integers with a large number of digits to unspecified functions.

CVSS V3 Severity:
CVSS Score:
Exploit Score:
Impact Score:

CVSS V3 Metrics:
Attack Vector:
Attack Complexity:
Privileges Required:
User Interaction:
Scope:
Confidentiality:
Integrity:
Availability:

CVSS V2 Severity:
CVSS Score: 6.5
Exploit Score: 8.0
Impact Score: 6.4

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL





Reference:
SECUNIA-43144
SECUNIA-43154
SECUNIA-43155
SECUNIA-43187
SECUNIA-43188
SECUNIA-43240
BID-46084
OSVDB-70740
ADV-2011-0262
ADV-2011-0278
ADV-2011-0283
ADV-2011-0287
ADV-2011-0299
ADV-2011-0303
ADV-2011-0349
DSA-2157
FEDORA-2011-0963
FEDORA-2011-0990
IAVM:2012-A-0136
MDVSA-2011:021
RHSA-2011:0197
RHSA-2011:0198
SSRT100617
SUSE-SR:2011:005
USN-1058-1
http://git.postgresql.org/gitweb?p=postgresql.git;a=commitdiff;h=7ccb6dc2d3e266a551827bb99179708580f72431
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://www.postgresql.org/about/news.1289
http://www.postgresql.org/support/security
postgresql-gettoken-buffer-overflow(65060)

CPE    43
cpe:/a:postgresql:postgresql:8.2.9
cpe:/a:postgresql:postgresql:8.2.8
cpe:/a:postgresql:postgresql:8.2
cpe:/a:postgresql:postgresql:8.2.1
...
CWE    1
CWE-189
OVAL    26
oval:org.secpod.oval:def:1000164
oval:org.secpod.oval:def:1000082
oval:org.secpod.oval:def:1000159
oval:org.secpod.oval:def:500239
...

© 2013 SecPod Technologies