Published: 02/02/2011 Updated: 07/11/2023

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

VMScore: 580

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Buffer overflow in the gettoken function in contrib/intarray/_int_bool.c in the intarray array module in PostgreSQL 9.0.x prior to 9.0.3, 8.4.x prior to 8.4.7, 8.3.x prior to 8.3.14, and 8.2.x prior to 8.2.20 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via integers with a large number of digits to unspecified functions.

Vulnerable Product	Search on Vulmon	Subscribe to Product
postgresql postgresql 8.3.6
postgresql postgresql 8.3.3
postgresql postgresql 8.3.2
postgresql postgresql 8.3.12
postgresql postgresql 8.3.1
postgresql postgresql 8.3.5
postgresql postgresql 8.3.8
postgresql postgresql 8.3.7
postgresql postgresql 8.3.10
postgresql postgresql 8.3
postgresql postgresql 8.3.4
postgresql postgresql 8.3.11
postgresql postgresql 8.3.9
postgresql postgresql 8.3.13
postgresql postgresql 9.0.1
postgresql postgresql 9.0
postgresql postgresql 9.0.2
postgresql postgresql 8.4.4
postgresql postgresql 8.4.1
postgresql postgresql 8.4.3
postgresql postgresql 8.4.6
postgresql postgresql 8.4
postgresql postgresql 8.4.5
postgresql postgresql 8.4.2
postgresql postgresql 8.2.9
postgresql postgresql 8.2.17
postgresql postgresql 8.2.10
postgresql postgresql 8.2.15
postgresql postgresql 8.2.4
postgresql postgresql 8.2.11
postgresql postgresql 8.2.12
postgresql postgresql 8.2.2
postgresql postgresql 8.2.19
postgresql postgresql 8.2.5
postgresql postgresql 8.2.1
postgresql postgresql 8.2.7
postgresql postgresql 8.2.6
postgresql postgresql 8.2.18
postgresql postgresql 8.2.3
postgresql postgresql 8.2.16
postgresql postgresql 8.2.8
postgresql postgresql 8.2.13
postgresql postgresql 8.2
postgresql postgresql 8.2.14

Geoff Keating reported that a buffer overflow exists in the intarray module’s input function for the query_int type This could allow an attacker to cause a denial of service or possibly execute arbitrary code as the postgres user ...

It was discovered that PostgreSQL's intarray contrib module does not properly handle integers with a large number of digits, leading to a server crash and potentially arbitrary code execution For the stable distribution (lenny), this problem has been fixed in version 8314-0lenny1 of the postgresql-83 package For the testing distribution (squee ...

CWE-189 http://www.postgresql.org/about/news.1289 http://www.postgresql.org/support/security http://www.vupen.com/english/advisories/2011/0262 http://secunia.com/advisories/43144 http://www.securityfocus.com/bid/46084 http://osvdb.org/70740 http://www.redhat.com/support/errata/RHSA-2011-0198.html http://www.vupen.com/english/advisories/2011/0303 http://secunia.com/advisories/43188 http://secunia.com/advisories/43187 http://secunia.com/advisories/43240 http://secunia.com/advisories/43155 http://www.mandriva.com/security/advisories?name=MDVSA-2011:021 http://www.vupen.com/english/advisories/2011/0287 http://www.debian.org/security/2011/dsa-2157 http://www.vupen.com/english/advisories/2011/0299 http://www.vupen.com/english/advisories/2011/0283 http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053817.html http://secunia.com/advisories/43154 http://www.vupen.com/english/advisories/2011/0278 http://www.ubuntu.com/usn/USN-1058-1 http://www.redhat.com/support/errata/RHSA-2011-0197.html http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053888.html http://www.vupen.com/english/advisories/2011/0349 http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://marc.info/?l=bugtraq&m=134124585221119&w=2 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 https://exchange.xforce.ibmcloud.com/vulnerabilities/65060 http://git.postgresql.org/gitweb?p=postgresql.git%3Ba=commitdiff%3Bh=7ccb6dc2d3e266a551827bb99179708580f72431 https://usn.ubuntu.com/1058-1/https://nvd.nist.gov

CVE-2010-4015

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect