CVE-2005-0245

Published: 01/02/2005 Updated: 19/01/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Buffer overflow in gram.y for PostgreSQL 8.0.0 and previous versions may allow malicious users to execute arbitrary code via a large number of arguments to a refcursor function (gram.y), which leads to a heap-based buffer overflow, a different vulnerability than CVE-2005-0247.

Vulnerable Product

postgresql postgresql 8.0

postgresql postgresql

Vendor Advisories

The execution of custom PostgreSQL functions can be restricted with the EXECUTE privilege. However, previous versions did not check this privilege when executing a function which was part of an aggregate. As a result, any database user could circumvent the EXECUTE restriction of functions with a particular (but very common) parameter structure by c ...

Several buffer overflows have been discovered in PL/PgSQL as part of the PostgreSQL engine which could lead to the execution of arbitrary code. For the stable distribution (woody) these problems have been fixed in version 7.2.1-2woody8. For the unstable distribution (sid) these problems have been fixed in version 7.4.7-2. We recommend that you upgr ...

Synopsis: postgresql security update. Type/Severity: Security Advisory: Important. Topic: Updated PostgreSQL packages to fix various security flaws are now available for Red Hat Enterprise Linux 2.1AS. This update has been rated as having important security impact by the Red Hat Security Response Team. Des ...

Synopsis: rh-postgresql security update. Type/Severity: Security Advisory: Important. Topic: Updated PostgreSQL packages to fix various security flaws are now available for Red Hat Enterprise Linux 3. Description: PostgreSQL is an advanced Object-Relational database management system (DBMS). A flaw ...

Synopsis: postgresql security update. Type/Severity: Security Advisory: Important. Topic: Updated postgresql packages that correct various security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. D ...

Exploits

source: www.securityfocus.com/bid/12417/info

Multiple remote vulnerabilities affect PostgreSQL. These issues are due to design errors, buffer-mismanagement errors, and causes that are currently unspecified. The vulnerabilities are as follows:

- The application fails to enforce function permissions
- A buffer overflow is triggered when cu ...