Metric | Value |
---|---|
CVSS2 | 4 Medium |
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |
CVSS2 Vector | AV:N/AC:L/Au:S/C:N/I:N/A:P |
EPSS | 0.023 Low |
EPSS Percentile | 89.6% |

PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote
authenticated users to cause a denial of service (stack consumption and
crash) by triggering a failure in the conversion of a localized error
message to a client-specified encoding, as demonstrated using mismatched
encoding conversion requests.
Author | Note |
---|---|
mdeslaur | the denial of service is only temporary, so impact isn't great. (should this be changed to "low priority"?) upstream patch replaces core dump due to stack overflow with core dump due to abort(), so doesn't fix temporary DoS see http://archives.postgresql.org//pgsql-bugs/2009-02/msg00190.php |
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 6.06 | noarch | postgresql-8.1 | < 8.1.17-0ubuntu0.6.06.1 | UNKNOWN |
ubuntu | 8.04 | noarch | postgresql-8.3 | < 8.3.7-0ubuntu8.04.1 | UNKNOWN |
ubuntu | 8.10 | noarch | postgresql-8.3 | < 8.3.7-0ubuntu8.10.1 | UNKNOWN |