Metric | Value |
---|---|
CVSS2 score | 6.5 Medium |
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
CVSS2 vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
EPSS | 0.96 High |
EPSS Percentile | 99.5% |

The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23,
8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of
service (daemon crash) or have unspecified other impact via vectors
involving a negative integer in the third argument, as demonstrated by a
SELECT statement that contains a call to the substring function for a bit
string, related to an “overflow.”
Author | Note |
---|---|
mdeslaur | this was fixed in the -updates pocket, but not the -security pocket. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 6.06 | noarch | postgresql-8.1 | < 8.1.20-0ubuntu0.6.06 | UNKNOWN |
ubuntu | 8.04 | noarch | postgresql-8.3 | < 8.3.10-0ubuntu8.04 | UNKNOWN |
ubuntu | 9.04 | noarch | postgresql-8.3 | < 8.3.10-0ubuntu9.04 | UNKNOWN |
ubuntu | 9.10 | noarch | postgresql-8.4 | < 8.4.3-0ubuntu9.10 | UNKNOWN |
ubuntu | 10.04 | noarch | postgresql-8.4 | < 8.4.3-1 | UNKNOWN |
ubuntu | 10.10 | noarch | postgresql-8.4 | < 8.4.3-1 | UNKNOWN |
ubuntu | 11.04 | noarch | postgresql-8.4 | < 8.4.3-1 | UNKNOWN |
ubuntu | 11.10 | noarch | postgresql-8.4 | < 8.4.3-1 | UNKNOWN |