CVE-2007-0556

Published: 06/02/2007 Updated: 16/10/2018
CVSS v2 Base Score: 6.6 | Impact Score: 9.2 | Exploitability Score: 3.9
VMScore: 587
Vector: AV:N/AC:H/Au:S/C:C/I:N/A:C

Vulnerability Summary

The query planner in PostgreSQL prior to 8.0.11, 8.1 prior to 8.1.7, and 8.2 prior to 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content via an "ALTER COLUMN TYPE" SQL statement, which can be leveraged to read arbitrary memory from the server.

Vulnerable Product

postgresql postgresql 1.02

postgresql postgresql 1.09

postgresql postgresql 6.3.1

postgresql postgresql 6.3.2

postgresql postgresql 7.0

postgresql postgresql 7.0.1

postgresql postgresql 7.2

postgresql postgresql 7.2.1

postgresql postgresql 7.2.8

postgresql postgresql 7.3

postgresql postgresql 7.3.16

postgresql postgresql 7.3.17

postgresql postgresql 7.3.7

postgresql postgresql 7.3.8

postgresql postgresql 7.4.13

postgresql postgresql 7.4.14

postgresql postgresql 7.4.7

postgresql postgresql 7.4.8

postgresql postgresql 8.0.4

postgresql postgresql 8.0.5

postgresql postgresql 8.1.2

postgresql postgresql 8.1.3

postgresql postgresql 8.1.4

postgresql postgresql 1.0

postgresql postgresql 1.01

postgresql postgresql 6.2.1

postgresql postgresql 6.3

postgresql postgresql 6.5.2

postgresql postgresql 6.5.3

postgresql postgresql 7.1.2

postgresql postgresql 7.1.3

postgresql postgresql 7.2.6

postgresql postgresql 7.2.7

postgresql postgresql 7.3.14

postgresql postgresql 7.3.15

postgresql postgresql 7.3.5

postgresql postgresql 7.3.6

postgresql postgresql 7.4.11

postgresql postgresql 7.4.12

postgresql postgresql 7.4.5

postgresql postgresql 7.4.6

postgresql postgresql 8.0.2

postgresql postgresql 8.0.3

postgresql postgresql 8.1

postgresql postgresql 8.1.1

postgresql postgresql 6.0

postgresql postgresql 6.1

postgresql postgresql 6.4

postgresql postgresql 6.4.1

postgresql postgresql 7.0.2

postgresql postgresql 7.0.3

postgresql postgresql 7.2.2

postgresql postgresql 7.2.3

postgresql postgresql 7.3.1

postgresql postgresql 7.3.10

postgresql postgresql 7.3.18

postgresql postgresql 7.3.2

postgresql postgresql 7.3.9

postgresql postgresql 7.4

postgresql postgresql 7.4.15

postgresql postgresql 7.4.16

postgresql postgresql 7.4.2

postgresql postgresql 7.4.9

postgresql postgresql 8.0

postgresql postgresql 8.0.6

postgresql postgresql 8.0.7

postgresql postgresql 8.1.5

postgresql postgresql 8.1.6

postgresql postgresql 6.1.1

postgresql postgresql 6.2

postgresql postgresql 6.4.2

postgresql postgresql 6.5

postgresql postgresql 6.5.1

postgresql postgresql 7.1

postgresql postgresql 7.1.1

postgresql postgresql 7.2.4

postgresql postgresql 7.2.5

postgresql postgresql 7.3.11

postgresql postgresql 7.3.12

postgresql postgresql 7.3.13

postgresql postgresql 7.3.3

postgresql postgresql 7.3.4

postgresql postgresql 7.4.1

postgresql postgresql 7.4.10

postgresql postgresql 7.4.3

postgresql postgresql 7.4.4

postgresql postgresql 8.0.1

postgresql postgresql 8.0.10

postgresql postgresql 8.0.8

postgresql postgresql 8.0.9

postgresql postgresql 8.2

postgresql postgresql 8.2.1

Vendor Advisories

Jeff Trout discovered that the PostgreSQL server did not sufficiently check data types of SQL function arguments in some cases. An authenticated attacker could exploit this to crash the database server or read out arbitrary locations in the server’s memory, which could allow retrieving database content the attacker should not be able to see (CVE ...

References

NVD-CWE-Other
http://www.postgresql.org/support/security
http://secunia.com/advisories/24033
http://lists.rpath.com/pipermail/security-announce/2007-February/000141.html
https://issues.rpath.com/browse/RPL-830
https://issues.rpath.com/browse/RPL-1025
http://support.avaya.com/elmodocs2/security/ASA-2007-117.htm
http://fedoranews.org/cms/node/2554
http://security.gentoo.org/glsa/glsa-200703-15.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:037
http://www.redhat.com/support/errata/RHSA-2007-0067.html
http://www.redhat.com/support/errata/RHSA-2007-0068.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102825-1
http://www.trustix.org/errata/2007/0007
http://www.ubuntu.com/usn/usn-417-2
http://www.securityfocus.com/bid/22387
http://securitytracker.com/id?1017597
http://secunia.com/advisories/24028
http://secunia.com/advisories/24057
http://secunia.com/advisories/24050
http://secunia.com/advisories/24042
http://secunia.com/advisories/24151
http://secunia.com/advisories/24315
http://secunia.com/advisories/24513
http://secunia.com/advisories/24577
http://www.novell.com/linux/security/advisories/2007_10_sr.html
http://secunia.com/advisories/25220
http://osvdb.org/33302
http://www.vupen.com/english/advisories/2007/0478
http://www.vupen.com/english/advisories/2007/0774
https://exchange.xforce.ibmcloud.com/vulnerabilities/32191
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11353
https://usn.ubuntu.com/417-1/
http://www.securityfocus.com/archive/1/459448/100/0/threaded
http://www.securityfocus.com/archive/1/459280/100/0/threaded
https://nvd.nist.gov