Published: 19/03/2010 Updated: 13/02/2023

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

VMScore: 355

Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P

Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL 8.4.1 and previous versions, and 8.5 up to and including 8.5alpha2, allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with many LEFT JOIN clauses, related to certain hashtable size calculations.

Vulnerable Product	Search on Vulmon	Subscribe to Product
postgresql postgresql 8.1.10
postgresql postgresql 8.1.6
postgresql postgresql 8.2.9
postgresql postgresql 8.0.7
postgresql postgresql 8.0.2
postgresql postgresql 8.1.15
postgresql postgresql 8.1.7
postgresql postgresql 8.3.6
postgresql postgresql 8.2.10
postgresql postgresql 8.0.22
postgresql postgresql 8.2.15
postgresql postgresql 8.2.4
postgresql postgresql 8.0.17
postgresql postgresql 8.0.10
postgresql postgresql 8.1.20
postgresql postgresql 8.1
postgresql postgresql 8.1.19
postgresql postgresql 8.2.11
postgresql postgresql 8.1.13
postgresql postgresql 8.0.12
postgresql postgresql 8.2.12
postgresql postgresql 8.0.9
postgresql postgresql 8.0.15
postgresql postgresql 8.2.2
postgresql postgresql 8.3.3
postgresql postgresql 8.0.0
postgresql postgresql 8.1.0
postgresql postgresql 8.1.3
postgresql postgresql 8.3.2
postgresql postgresql 8.5
postgresql postgresql 8.0.18
postgresql postgresql 8.2.5
postgresql postgresql 8.0.3
postgresql postgresql 8.1.9
postgresql postgresql 8.4
postgresql postgresql
postgresql postgresql 8.2.1
postgresql postgresql 8.3.1
postgresql postgresql 8.1.14
postgresql postgresql 8.3.5
postgresql postgresql 8.0.20
postgresql postgresql 8.3.8
postgresql postgresql 8.0.8
postgresql postgresql 8.2.7
postgresql postgresql 8.0.6
postgresql postgresql 8.1.11
postgresql postgresql 8.2.6
postgresql postgresql 8.0.16
postgresql postgresql 8.3.7
postgresql postgresql 8.1.17
postgresql postgresql 8.0.13
postgresql postgresql 8.3.10
postgresql postgresql 8.1.18
postgresql postgresql 8.3
postgresql postgresql 8.1.4
postgresql postgresql 8.0.1
postgresql postgresql 8.1.8
postgresql postgresql 8.3.4
postgresql postgresql 8.0.19
postgresql postgresql 8.1.1
postgresql postgresql 8.1.12
postgresql postgresql 8.1.5
postgresql postgresql 8.0.21
postgresql postgresql 8.1.16
postgresql postgresql 8.2.3
postgresql postgresql 8.0.23
postgresql postgresql 8.3.9
postgresql postgresql 8.2.16
postgresql postgresql 8.0.4
postgresql postgresql 8.0.5
postgresql postgresql 8.0.14
postgresql postgresql 8.2.8
postgresql postgresql 8.2.13
postgresql postgresql 8.2
postgresql postgresql 8.0.11
postgresql postgresql 8.0.317
postgresql postgresql 8.0
postgresql postgresql 8.2.14
postgresql postgresql 8.1.2

source: wwwsecurityfocuscom/bid/38619/info PostgreSQL is prone to a remote denial-of-service vulnerability because it fails to properly validate user-supplied data before using it in memory-allocation calculations An attacker can exploit this issue to cause the affected application to crash Due to the nature of this issue, remote code ...

CWE-189 http://archives.postgresql.org/pgsql-bugs/2009-10/msg00289.php http://www.openwall.com/lists/oss-security/2010/03/09/2 https://bugzilla.redhat.com/show_bug.cgi?id=546621 http://www.openwall.com/lists/oss-security/2010/03/16/10 http://archives.postgresql.org/pgsql-bugs/2009-10/msg00287.php http://archives.postgresql.org/pgsql-bugs/2009-10/msg00310.php http://archives.postgresql.org/pgsql-bugs/2009-10/msg00277.php http://www.redhat.com/support/errata/RHSA-2010-0428.html http://www.redhat.com/support/errata/RHSA-2010-0427.html http://www.redhat.com/support/errata/RHSA-2010-0429.html http://www.securityfocus.com/bid/38619 http://secunia.com/advisories/39820 http://www.vupen.com/english/advisories/2010/1197 http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10691 http://git.postgresql.org/gitweb?p=postgresql.git%3Ba=commit%3Bh=64b057e6823655fb6c5d1f24a28f236b94dd6c54 https://nvd.nist.gov https://www.exploit-db.com/exploits/33729/

Get Started

CVE-2010-0733

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect