[Forgot Password]
Login  Register Subscribe

24128

 
 

131615

 
 

112965

 
 

909

 
 

87888

 
 

136

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2010-4015Date: (C)2011-02-01   (M)2018-06-11


Buffer overflow in the gettoken function in contrib/intarray/_int_bool.c in the intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.20 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via integers with a large number of digits to unspecified functions.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.5
Exploit Score: 8.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECUNIA-43144
SECUNIA-43154
SECUNIA-43155
SECUNIA-43187
SECUNIA-43188
SECUNIA-43240
BID-46084
OSVDB-70740
ADV-2011-0262
ADV-2011-0278
ADV-2011-0283
ADV-2011-0287
ADV-2011-0299
ADV-2011-0303
ADV-2011-0349
DSA-2157
FEDORA-2011-0963
FEDORA-2011-0990
IAVM:2012-A-0136
MDVSA-2011:021
RHSA-2011:0197
RHSA-2011:0198
SSRT100617
SUSE-SR:2011:005
USN-1058-1
http://git.postgresql.org/gitweb?p=postgresql.git;a=commitdiff;h=7ccb6dc2d3e266a551827bb99179708580f72431
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://www.postgresql.org/about/news.1289
http://www.postgresql.org/support/security
postgresql-gettoken-buffer-overflow(65060)

CPE    43
cpe:/a:postgresql:postgresql:8.2.9
cpe:/a:postgresql:postgresql:8.2.8
cpe:/a:postgresql:postgresql:8.4.6
cpe:/a:postgresql:postgresql:8.3.12
...
CWE    1
CWE-189
OVAL    26
oval:org.secpod.oval:def:1000164
oval:org.secpod.oval:def:1000082
oval:org.secpod.oval:def:1000159
oval:org.secpod.oval:def:200216
...

© SecPod Technologies