CVE-2007-4769

Published: 09/01/2008 Updated: 15/10/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.9 | Exploitability Score: 8
VMScore: 605
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

Vulnerability Summary

The regular expression parser in TCL prior to 8.4.17, as used in PostgreSQL 8.2 prior to 8.2.6, 8.1 prior to 8.1.11, 8.0 prior to 8.0.15, and 7.4 prior to 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number.

Vulnerable Product

postgresql postgresql 7.3.1

postgresql postgresql 7.3.10

postgresql postgresql 7.3.19

postgresql postgresql 7.3.2

postgresql postgresql 7.3.3

postgresql postgresql 7.4.10

postgresql postgresql 7.4.11

postgresql postgresql 7.4.3

postgresql postgresql 7.4.4

postgresql postgresql 8.0.11

postgresql postgresql 8.0.13

postgresql postgresql 7.3

postgresql postgresql 7.3.15

postgresql postgresql 7.3.16

postgresql postgresql 7.4

postgresql postgresql 7.4.1

postgresql postgresql 7.4.17

postgresql postgresql 7.4.2

postgresql postgresql 7.4.9

postgresql postgresql 8.0

postgresql postgresql 8.0.1

postgresql postgresql 8.0.5

postgresql postgresql 8.0.7

postgresql postgresql 8.1.7

postgresql postgresql 8.1.8

postgresql postgresql 8.0.8

postgresql postgresql 8.0.9

postgresql postgresql 8.1.9

postgresql postgresql 8.2

postgresql postgresql 7.3.13

postgresql postgresql 7.3.14

postgresql postgresql 7.3.8

postgresql postgresql 7.3.9

postgresql postgresql 7.4.14

postgresql postgresql 7.4.16

postgresql postgresql 7.4.7

postgresql postgresql 7.4.8

postgresql postgresql 8.0.317

postgresql postgresql 8.0.4

postgresql postgresql 8.1.4

postgresql postgresql 8.1.5

postgresql postgresql 8.2.4

tcl tk tcl tk

postgresql postgresql 7.3.11

postgresql postgresql 7.3.12

postgresql postgresql 7.3.4

postgresql postgresql 7.3.6

postgresql postgresql 7.4.12

postgresql postgresql 7.4.13

postgresql postgresql 7.4.5

postgresql postgresql 7.4.6

postgresql postgresql 8.0.2

postgresql postgresql 8.0.3

postgresql postgresql 8.1.1

postgresql postgresql 8.1.3

postgresql postgresql 8.2.2

postgresql postgresql 8.2.3

Vendor Advisories

Nico Leidecker discovered that PostgreSQL did not properly restrict dblink functions. An authenticated user could exploit this flaw to access arbitrary accounts and execute arbitrary SQL queries (CVE-2007-3278, CVE-2007-6601) ...
Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-3278 It was discovered that the DBLink module performed insufficient credential validation. This issue is also tracked as CVE-2007-6601, ...

References

CWE-189

http://www.postgresql.org/about/news.905

http://www.securityfocus.com/bid/27163

http://securitytracker.com/id?1019157

http://secunia.com/advisories/28359

http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894

http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894

http://www.mandriva.com/security/advisories?name=MDVSA-2008:004

https://issues.rpath.com/browse/RPL-1768

http://www.debian.org/security/2008/dsa-1460

http://www.debian.org/security/2008/dsa-1463

https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html

https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html

http://www.redhat.com/support/errata/RHSA-2008-0038.html

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1

http://secunia.com/advisories/28376

http://secunia.com/advisories/28438

http://secunia.com/advisories/28437

http://secunia.com/advisories/28454

http://secunia.com/advisories/28464

http://secunia.com/advisories/28477

http://secunia.com/advisories/28479

http://secunia.com/advisories/28455

http://security.gentoo.org/glsa/glsa-200801-15.xml

http://secunia.com/advisories/28679

http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html

http://secunia.com/advisories/28698

http://www.redhat.com/support/errata/RHSA-2008-0040.html

http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1

http://secunia.com/advisories/29638

http://www.vupen.com/english/advisories/2008/1071/references

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154

http://www.vupen.com/english/advisories/2008/0109

http://www.vupen.com/english/advisories/2008/0061

https://exchange.xforce.ibmcloud.com/vulnerabilities/39499

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9804

https://usn.ubuntu.com/568-1/

http://www.securityfocus.com/archive/1/486407/100/0/threaded

http://www.securityfocus.com/archive/1/485864/100/0/threaded

https://nvd.nist.gov