CVE-2005-0247

2005-05-0200:00:00

ubuntu.com

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.626 Medium

EPSS

Percentile

97.8%

JSON

Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier may
allow attackers to execute arbitrary code via (1) a large number of
variables in a SQL statement being handled by the read_sql_construct
function, (2) a large number of INTO variables in a SELECT statement being
handled by the make_select_stmt function, (3) a large number of arbitrary
variables in a SELECT statement being handled by the make_select_stmt
function, and (4) a large number of INTO variables in a FETCH statement
being handled by the make_fetch_stmt function, a different set of
vulnerabilities than CVE-2005-0245.

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchpostgresql-7.4< 7.4.12-3UNKNOWN
ubuntu6.10noarchpostgresql-7.4< 7.4.12-3UNKNOWN
ubuntu6.06noarchpostgresql-8.0< 8.0.7-2build1UNKNOWN
ubuntu6.06noarchpostgresql-8.1< 8.1.9-0ubuntu0.6.06UNKNOWN
ubuntu6.10noarchpostgresql-8.1< 8.1.9-0ubuntu0.6.10UNKNOWN
ubuntu7.04noarchpostgresql-8.1< 8.1.8-1ubuntu3UNKNOWN
ubuntu7.04noarchpostgresql-8.2< 8.2.4-0ubuntu0.7.04UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	6.06	noarch	postgresql-7.4	< 7.4.12-3	UNKNOWN
ubuntu	6.10	noarch	postgresql-7.4	< 7.4.12-3	UNKNOWN
ubuntu	6.06	noarch	postgresql-8.0	< 8.0.7-2build1	UNKNOWN
ubuntu	6.06	noarch	postgresql-8.1	< 8.1.9-0ubuntu0.6.06	UNKNOWN
ubuntu	6.10	noarch	postgresql-8.1	< 8.1.9-0ubuntu0.6.10	UNKNOWN
ubuntu	7.04	noarch	postgresql-8.1	< 8.1.8-1ubuntu3	UNKNOWN
ubuntu	7.04	noarch	postgresql-8.2	< 8.2.4-0ubuntu0.7.04	UNKNOWN