NVD: CVE-2010-0442
History: Feb 02, 2010 - 6:30 p.m.

CVE-2010-0442

2010-02-02 18:30:00
CWE-189
web.nvd.nist.gov

CVSS2: 6.5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score: 6.5 Medium
Confidence: High

EPSS: 0.956 High
Percentile: 99.4%

The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service (daemon crash) or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT statement that contains a call to the substring function for a bit string, related to an “overflow.”

Affected configurations

NVD
Node
postgresql postgresql, Range 7.4–7.4.28
OR
postgresql postgresql, Range 8.0–8.0.24
OR
postgresql postgresql, Range 8.1–8.1.20
OR
postgresql postgresql, Range 8.2–8.2.16
OR
postgresql postgresql, Range 8.3–8.3.10
OR
postgresql postgresql, Range 8.4–8.4.3
