Multiple integer overflows in the path_in and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, which trigger a buffer overflow. NOTE: this identifier has been SPLIT due to different affected versions; use CVE-2014-2669 for the hstore vector.
The MITRE CVE dictionary describes this issue as:
Find out more about CVE-2014-0064 from the MITRE CVE dictionary dictionary and NIST NVD.
| Base Score | 6.5 |
|---|---|
| Base Metrics | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | Single |
| Confidentiality Impact | Partial |
| Integrity Impact | Partial |
| Availability Impact | Partial |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 6 (postgresql) | RHSA-2014:0211 | 2014-02-25 |
| Red Hat Enterprise Linux 5 (postgresql84) | RHSA-2014:0211 | 2014-02-25 |
| CloudForms Management Engine 5.4 (postgresql92-postgresql) | RHSA-2014:0469 | 2014-05-12 |
| Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 (postgresql92-postgresql) | RHSA-2014:0221 | 2014-02-27 |
| Red Hat Enterprise Linux 5 (postgresql) | RHSA-2014:0249 | 2014-03-04 |
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 7 | postgresql | Not affected |
Vulmon