CVE-2014-8161

Several security issues were fixed in PostgreSQL ...

Several vulnerabilities have been found in PostgreSQL-91, a SQL database system CVE-2014-8161: Information leak A user with limited clearance on a table might have access to information in columns without SELECT rights on through server error messages CVE-2015-0241: Out of boundaries read/write The function to_char() might read/write past the e ...

A buffer overflow flaw was found in the way PostgreSQL handled certain numeric formatting An authenticated database user could use a specially crafted timestamp formatting template to cause PostgreSQL to crash or, under certain conditions, execute arbitrary code with the permissions of the user running PostgreSQL (CVE-2015-0241) A buffer overflow ...

An information leak flaw was found in the way the PostgreSQL database server handled certain error messages An authenticated database user could possibly obtain the results of a query they did not have privileges to execute by observing the constraint violation error messages produced when the query was executed (CVE-2014-8161) A buffer overflow ...

Impact: Moderate Public Date: 2015-02-05 CWE: CWE-662->CWE-300 Bugzilla: 1182043: CVE-2014-8161 post ...

A user having an UPDATE privilege on a partitioned table but lacking the SELECT privilege on some column may be able to acquire denied-column values from an error message This is similar to CVE-2014-8161, but the conditions to exploit are more rare ...