Lucene search
Ubuntu.comUB:CVE-2009-0922HistoryMar 17, 2009 - 12:00 a.m.
CVE-2009-0922
2009-03-1700:00:00
ubuntu.com
ubuntu.com
8
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
0.023 Low
EPSS
Percentile
89.6%
PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote
authenticated users to cause a denial of service (stack consumption and
crash) by triggering a failure in the conversion of a localized error
message to a client-specified encoding, as demonstrated using mismatched
encoding conversion requests.
Bugs
- <https://bugzilla.redhat.com/show_bug.cgi?id=488156>
- <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=517405>
- <http://archives.postgresql.org/pgsql-bugs/2009-02/msg00172.php>
- <http://archives.postgresql.org//pgsql-bugs/2009-02/msg00176.php>
Notes
| Author | Note |
|---|---|
| mdeslaur | the denial of service is only temporary, so impact isnβt great. (should this be changed to βlow priorityβ?) upstream patch replaces core dump due to stack overflow with core dump due to abort(), so doesnβt fix temporary DoS see http://archives.postgresql.org//pgsql-bugs/2009-02/msg00190.php |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 6.06 | noarch | postgresql-8.1 | <Β 8.1.17-0ubuntu0.6.06.1 | UNKNOWN |
| ubuntu | 8.04 | noarch | postgresql-8.3 | <Β 8.3.7-0ubuntu8.04.1 | UNKNOWN |
| ubuntu | 8.10 | noarch | postgresql-8.3 | <Β 8.3.7-0ubuntu8.10.1 | UNKNOWN |
Related
nessus
nessus
Fedora 9 : postgresql-8.3.7-1.fc9 (2009-2927)
2009-03-24 00:00:00
Ubuntu 6.06 LTS / 8.04 LTS / 8.10 : postgresql-8.1, postgresql-8.3 vulnerability (USN-753-1)
2009-04-23 00:00:00
Mandriva Linux Security Advisory : postgresql (MDVSA-2009:079)
2009-04-23 00:00:00
openvas
openvas
PostgreSQL Denial of Service Vulnerability (Linux)
2009-03-26 00:00:00
Fedora Core 10 FEDORA-2009-2959 (postgresql)
2009-03-31 00:00:00
Fedora Core 9 FEDORA-2009-2927 (postgresql)
2009-03-31 00:00:00
seebug
seebug
PostgreSQL转ζ’ηΌη θΏη¨ζη»ζε‘ζΌζ΄
2009-03-19 00:00:00
securityvulns
securityvulns
PostgreSQL DoS
2009-03-24 00:00:00
[ MDVSA-2009:079 ] postgresql
2009-03-24 00:00:00
prion
prion
Code injection
2009-03-17 17:30:00
fedora
fedora
[SECURITY] Fedora 10 Update: postgresql-8.3.7-1.fc10
2009-03-23 16:00:42
[SECURITY] Fedora 9 Update: postgresql-8.3.7-1.fc9
2009-03-23 15:55:47
[SECURITY] Fedora 10 Update: postgresql-8.3.8-1.fc10
2009-09-11 23:21:46
cve
cve
CVE-2009-0922
2009-03-17 17:30:00
postgresql
postgresql
Vulnerability in core server (CVE-2009-0922)
2009-03-17 17:30:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:32:27
ubuntu
ubuntu
PostgreSQL vulnerability
2009-04-07 00:00:00
oraclelinux
oraclelinux
postgresql security update
2009-10-07 00:00:00
postgresql security update
2010-05-19 00:00:00
redhat
redhat
(RHSA-2009:1484) Moderate: postgresql security update
2009-10-07 00:00:00
centos
centos
postgresql security update
2009-10-09 15:00:55
gentoo
gentoo
PostgreSQL: Multiple vulnerabilities
2011-10-25 00:00:00
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
0.023 Low
EPSS
Percentile
89.6%
Related for UB:CVE-2009-0922