[Forgot Password]
Login  Register Subscribe

23631

 
 

126951

 
 

99602

 
 

909

 
 

80167

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2017-7548

Date: (C)2017-08-19   (M)2018-01-02 


PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents of the object, resulting in a denial of service.

CVSS Score: 4.0Access Vector: NETWORK
Exploit Score: 8.0Access Complexity: LOW
Impact Score: 2.9Authentication: SINGLE_INSTANCE
 Confidentiality: NONE
 Integrity: PARTIAL
 Availability: NONE





Reference:
BID-100276
SECTRACK-1039142
DSA-3935
DSA-3936
GLSA-201710-06
RHSA-2017:2677
RHSA-2017:2678
https://www.postgresql.org/about/news/1772/

CPE    3
cpe:/a:postgresql:postgresql:9.4.5
cpe:/a:postgresql:postgresql:9.4
cpe:/a:postgresql:postgresql:9.5
CWE    1
CWE-285
OVAL    7
oval:org.secpod.oval:def:1600767
oval:org.secpod.oval:def:113099
oval:org.secpod.oval:def:113056
oval:org.secpod.oval:def:603045
...

© 2013 SecPod Technologies