Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:42809
HistoryAug 16, 2023 - 12:26 a.m.

Denial Of Service (DoS)

2023-08-1600:26:29
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
14
denial of service
postgresql
vulnerability
crafted command

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

36.3%

postgresql is vulnerable to Denial Of Service (DoS). This vulnerability occurs when a user sends a specially crafted MERGE command to PostgreSQL. If the command is valid, PostgreSQL could be tricked into entering an infinite loop which could prevent PostgreSQL from serving requests, resulting in a denial of service.

References

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

36.3%