CVSS2: 6.5 Medium

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

EPSS: 0.626 Medium (Percentile: 97.8%)

Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier may
allow attackers to execute arbitrary code via (1) a large number of
variables in a SQL statement being handled by the read_sql_construct
function, (2) a large number of INTO variables in a SELECT statement being
handled by the make_select_stmt function, (3) a large number of arbitrary
variables in a SELECT statement being handled by the make_select_stmt
function, and (4) a large number of INTO variables in a FETCH statement
being handled by the make_fetch_stmt function, a different set of
vulnerabilities than CVE-2005-0245.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 6.06 | noarch | postgresql-7.4 | < 7.4.12-3 | UNKNOWN |
ubuntu | 6.10 | noarch | postgresql-7.4 | < 7.4.12-3 | UNKNOWN |
ubuntu | 6.06 | noarch | postgresql-8.0 | < 8.0.7-2build1 | UNKNOWN |
ubuntu | 6.06 | noarch | postgresql-8.1 | < 8.1.9-0ubuntu0.6.06 | UNKNOWN |
ubuntu | 6.10 | noarch | postgresql-8.1 | < 8.1.9-0ubuntu0.6.10 | UNKNOWN |
ubuntu | 7.04 | noarch | postgresql-8.1 | < 8.1.8-1ubuntu3 | UNKNOWN |
ubuntu | 7.04 | noarch | postgresql-8.2 | < 8.2.4-0ubuntu0.7.04 | UNKNOWN |