Lucene search

[email protected]CVE-2007-4639

HistoryAug 31, 2007 - 11:17 p.m.

CVE-2007-4639

2007-08-3123:17:00

CWE-824

[email protected]

web.nvd.nist.gov

cve-2007-4639

enterprisedb

advanced server

debugging

vulnerability

denial of service

remote code execution

nvd

8.2 High

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.027 Low

EPSS

Percentile

90.3%

JSON

EnterpriseDB Advanced Server 8.2 does not properly handle certain debugging function calls that occur before a call to pldbg_create_listener, which allows remote authenticated users to cause a denial of service (daemon crash) and possibly execute arbitrary code via a SELECT statement that invokes a pldbg_ function, as demonstrated by (1) pldbg_get_stack and (2) pldbg_abort_target, which triggers use of an uninitialized pointer.

CPENameOperatorVersion
enterprisedb:postgres_advanced_serverenterprisedb postgres advanced servereq8.2

CPE	Name	Operator	Version
enterprisedb:postgres_advanced_server	enterprisedb postgres advanced server	eq	8.2

References

secunia.com/advisories/26640

www.securityfocus.com/archive/1/478057/100/0/threaded

www.securityfocus.com/bid/25481

www.vupen.com/english/advisories/2007/3040

exchange.xforce.ibmcloud.com/vulnerabilities/36328

8.2 High

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.027 Low

EPSS

Percentile

90.3%

JSON

Related for CVE-2007-4639

prion1