CVE-2007-4772

Published: 09/01/2008 Updated: 09/10/2019
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Vulnerability Summary

The regular expression parser in TCL prior to 8.4.17, as used in PostgreSQL 8.2 prior to 8.2.6, 8.1 prior to 8.1.11, 8.0 prior to 8.0.15, and 7.4 prior to 7.4.19, allows context-dependent malicious users to cause a denial of service (infinite loop) via a crafted regular expression.

Vulnerable Product

postgresql postgresql

tcl tcl/tk

debian debian linux 3.1

canonical ubuntu linux 7.10

canonical ubuntu linux 6.10

canonical ubuntu linux 6.06

canonical ubuntu linux 7.04

Vendor Advisories

Synopsis: Moderate: tcl security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: Updated tcl packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common ...
Nico Leidecker discovered that PostgreSQL did not properly restrict dblink functions. An authenticated user could exploit this flaw to access arbitrary accounts and execute arbitrary SQL queries (CVE-2007-3278, CVE-2007-6601) ...
Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-3278: It was discovered that the DBLink module performed insufficient credential validation. This issue is also tracked as CVE-2007-6601, ...

References

CWE-399
http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894
http://www.postgresql.org/about/news.905
http://www.securityfocus.com/bid/27163
http://securitytracker.com/id?1019157
http://secunia.com/advisories/28359
http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894
http://www.mandriva.com/security/advisories?name=MDVSA-2008:004
https://issues.rpath.com/browse/RPL-1768
http://www.debian.org/security/2008/dsa-1460
http://www.debian.org/security/2008/dsa-1463
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html
http://www.redhat.com/support/errata/RHSA-2008-0038.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1
http://secunia.com/advisories/28376
http://secunia.com/advisories/28438
http://secunia.com/advisories/28437
http://secunia.com/advisories/28454
http://secunia.com/advisories/28464
http://secunia.com/advisories/28477
http://secunia.com/advisories/28479
http://secunia.com/advisories/28455
http://security.gentoo.org/glsa/glsa-200801-15.xml
http://secunia.com/advisories/28679
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html
http://secunia.com/advisories/28698
http://www.redhat.com/support/errata/RHSA-2008-0040.html
http://www.redhat.com/support/errata/RHSA-2008-0134.html
http://secunia.com/advisories/29070
http://www.mandriva.com/security/advisories?name=MDVSA-2008:059
http://secunia.com/advisories/29248
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1
http://secunia.com/advisories/29638
http://www.vmware.com/security/advisories/VMSA-2008-0009.html
http://secunia.com/advisories/30535
http://www.vupen.com/english/advisories/2008/1071/references
http://www.vupen.com/english/advisories/2008/0109
http://www.vupen.com/english/advisories/2008/1744
http://www.vupen.com/english/advisories/2008/0061
http://rhn.redhat.com/errata/RHSA-2013-0122.html
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00056.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00016.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00052.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00049.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00054.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
https://exchange.xforce.ibmcloud.com/vulnerabilities/39497
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11569
https://usn.ubuntu.com/568-1/
http://www.securityfocus.com/archive/1/493080/100/0/threaded
http://www.securityfocus.com/archive/1/486407/100/0/threaded
http://www.securityfocus.com/archive/1/485864/100/0/threaded
https://access.redhat.com/errata/RHSA-2013:0122
https://nvd.nist.gov