Lucene search

K

Veracode Vulnerability DatabaseVERACODE:24599

HistoryApr 10, 2020 - 12:58 a.m.

Arbitrary Code Execution

2020-04-1000:58:44

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

postgresql is vulnerable to arbitrary code execution. A stack-based buffer overflow flaw was found in the way PostgreSQL processed certain tokens from an SQL query when the intarray module was enabled on a particular database. An authenticated database user running a specially-crafted SQL query could use this flaw to cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server.

CPENameOperatorVersion
postgresqleq8.1.9__1.el5
postgresqleq8.4.5__1.el6_0.2
postgresqleq7.4.19__1.el4_6.1
postgresqleq7.4.26__1.el4_8.1
postgresqleq8.1.8__1.el5
postgresqleq8.1.21__1.el5_5.1
postgresqleq8.1.18__2.el5_4.1
postgresqleq8.4.4__2.el6
postgresqleq8.1.22__1.el5_5.1
postgresqleq8.1.11__1.el5_1.1

Rows per page:

1-10 of 281

References

git.postgresql.org/gitweb?p=postgresql.git;a=commitdiff;h=7ccb6dc2d3e266a551827bb99179708580f72431

kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

lists.fedoraproject.org/pipermail/package-announce/2011-February/053817.html

lists.fedoraproject.org/pipermail/package-announce/2011-February/053888.html

lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html

marc.info/?l=bugtraq&m=134124585221119&w=2

osvdb.org/70740

secunia.com/advisories/43144

secunia.com/advisories/43154

secunia.com/advisories/43155

secunia.com/advisories/43187

secunia.com/advisories/43188

secunia.com/advisories/43240

www.debian.org/security/2011/dsa-2157

www.mandriva.com/security/advisories?name=MDVSA-2011:021

www.postgresql.org/about/news.1289

www.postgresql.org/support/security

www.redhat.com/support/errata/RHSA-2011-0197.html

www.redhat.com/support/errata/RHSA-2011-0198.html

www.securityfocus.com/bid/46084

www.ubuntu.com/usn/USN-1058-1

www.vupen.com/english/advisories/2011/0262

www.vupen.com/english/advisories/2011/0278

www.vupen.com/english/advisories/2011/0283

www.vupen.com/english/advisories/2011/0287

www.vupen.com/english/advisories/2011/0299

www.vupen.com/english/advisories/2011/0303

www.vupen.com/english/advisories/2011/0349

access.redhat.com/errata/RHSA-2011:0197

access.redhat.com/security/updates/classification/#moderate

exchange.xforce.ibmcloud.com/vulnerabilities/65060

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

Related for VERACODE:24599

nessus33 securityvulns2 altlinux5 openvas30 centos2 fedora2 ubuntu1 oraclelinux2 redhat2 prion1 postgresql1 ubuntucve1 debian1 cve1 gentoo1