Lucene search

Veracode Vulnerability DatabaseVERACODE:23208

HistoryApr 10, 2020 - 12:19 a.m.

Denial Of Service (DoS)

2020-04-1000:19:39

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

JSON

postgresql is vulnerable to denial of service (DoS). The vulnerability exists in PostgreSQL’s regular expression engine. An authenticated attacker could use these flaws to cause a denial of service by causing the PostgreSQL server to crash, enter an infinite loop, or use extensive CPU and memory resources while processing queries containing specially crafted regular expressions. Applications that accept regular expressions from untrusted sources may expose this problem to unauthorized attackers.

CPENameOperatorVersion
postgresqleq8.1.9__1.el5
postgresqleq8.1.8__1.el4s1.1
postgresqleq8.1.9__1.el4s1.1
postgresqleq8.2.4__6.el5s2
postgresqleq7.4.19__1.el4_6.1
postgresqleq8.1.7__3.el4s1.1
postgresqleq8.1.8__1.el5
postgresqleq8.1.4__1.el4s1.1
postgresqleq8.1.11__1.el5_1.1
postgresqleq8.1.9__1.el5

Name	Operator	Version
postgresql	eq	8.1.9__1.el5
postgresql	eq	8.1.8__1.el4s1.1
postgresql	eq	8.1.9__1.el4s1.1
postgresql	eq	8.2.4__6.el5s2
postgresql	eq	7.4.19__1.el4_6.1
postgresql	eq	8.1.7__3.el4s1.1
postgresql	eq	8.1.8__1.el5
postgresql	eq	8.1.4__1.el4s1.1
postgresql	eq	8.1.11__1.el5_1.1
postgresql	eq	8.1.9__1.el5

Rows per page:

1-10 of 181

References

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154

lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html

secunia.com/advisories/28359

secunia.com/advisories/28376

secunia.com/advisories/28437

secunia.com/advisories/28438

secunia.com/advisories/28454

secunia.com/advisories/28455

secunia.com/advisories/28464

secunia.com/advisories/28477

secunia.com/advisories/28479

secunia.com/advisories/28679

secunia.com/advisories/28698

secunia.com/advisories/29638

security.gentoo.org/glsa/glsa-200801-15.xml

securitytracker.com/id?1019157

sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894

sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894

sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1

sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1

www.debian.org/security/2008/dsa-1460

www.debian.org/security/2008/dsa-1463

www.mandriva.com/security/advisories?name=MDVSA-2008:004

www.postgresql.org/about/news.905

www.redhat.com/security/updates/classification/#moderate

www.redhat.com/support/errata/RHSA-2008-0038.html

www.redhat.com/support/errata/RHSA-2008-0040.html

www.securityfocus.com/archive/1/485864/100/0/threaded

www.securityfocus.com/archive/1/486407/100/0/threaded

www.securityfocus.com/bid/27163

www.vupen.com/english/advisories/2008/0061

www.vupen.com/english/advisories/2008/0109

www.vupen.com/english/advisories/2008/1071/references

access.redhat.com/errata/RHSA-2008:0038

exchange.xforce.ibmcloud.com/vulnerabilities/39499

issues.rpath.com/browse/RPL-1768

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9804

usn.ubuntu.com/568-1/

www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html

www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

JSON

Related for VERACODE:23208