Ubuntu.comUB:CVE-2010-0442CVE-2010-0442
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.96 High
EPSS
Percentile
99.5%
The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23,
8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of
service (daemon crash) or have unspecified other impact via vectors
involving a negative integer in the third argument, as demonstrated by a
SELECT statement that contains a call to the substring function for a bit
string, related to an βoverflow.β
Bugs
- <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567058>
- <https://bugzilla.redhat.com/show_bug.cgi?id=559259>
- <https://bugzilla.redhat.com/show_bug.cgi?id=559194>
Notes
| Author | Note |
|---|---|
| mdeslaur | this was fixed in the -updates pocket, but not the -security pocket. |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 6.06 | noarch | postgresql-8.1 | <Β 8.1.20-0ubuntu0.6.06 | UNKNOWN |
| ubuntu | 8.04 | noarch | postgresql-8.3 | <Β 8.3.10-0ubuntu8.04 | UNKNOWN |
| ubuntu | 9.04 | noarch | postgresql-8.3 | <Β 8.3.10-0ubuntu9.04 | UNKNOWN |
| ubuntu | 9.10 | noarch | postgresql-8.4 | <Β 8.4.3-0ubuntu9.10 | UNKNOWN |
| ubuntu | 10.04 | noarch | postgresql-8.4 | <Β 8.4.3-1 | UNKNOWN |
| ubuntu | 10.10 | noarch | postgresql-8.4 | <Β 8.4.3-1 | UNKNOWN |
| ubuntu | 11.04 | noarch | postgresql-8.4 | <Β 8.4.3-1 | UNKNOWN |
| ubuntu | 11.10 | noarch | postgresql-8.4 | <Β 8.4.3-1 | UNKNOWN |
Related
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.96 High
EPSS
Percentile
99.5%