CVE-2005-1410

2005-05-0304:00:00

[email protected]

web.nvd.nist.gov

postgresql

tsearch2

cve-2005-1410

security vulnerability

denial of service

nvd

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.3%

JSON

The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) dex_init, (2) snb_en_init, (3) snb_ru_init, (4) spell_init, and (5) syn_init functions as “internal” even when they do not take an internal argument, which allows attackers to cause a denial of service (application crash) and possibly have other impacts via SQL commands that call other functions that accept internal arguments.

Affected configurations

NVD

Node

postgresqlpostgresqlMatch7.4

postgresqlpostgresqlMatch7.4.3

postgresqlpostgresqlMatch7.4.5

postgresqlpostgresqlMatch7.4.6

postgresqlpostgresqlMatch7.4.7

postgresqlpostgresqlMatch8.0

postgresqlpostgresqlMatch8.0.1

postgresqlpostgresqlMatch8.0.2

Node

trustixsecure_linuxMatch2.0

CPENameOperatorVersion
postgresql:postgresqlpostgresqleq7.4
postgresql:postgresqlpostgresqleq7.4.3
postgresql:postgresqlpostgresqleq7.4.5
postgresql:postgresqlpostgresqleq7.4.6
postgresql:postgresqlpostgresqleq7.4.7
postgresql:postgresqlpostgresqleq8.0
postgresql:postgresqlpostgresqleq8.0.1
postgresql:postgresqlpostgresqleq8.0.2

CPE	Name	Operator	Version
postgresql:postgresql	postgresql	eq	7.4
postgresql:postgresql	postgresql	eq	7.4.3
postgresql:postgresql	postgresql	eq	7.4.5
postgresql:postgresql	postgresql	eq	7.4.6
postgresql:postgresql	postgresql	eq	7.4.7
postgresql:postgresql	postgresql	eq	8.0
postgresql:postgresql	postgresql	eq	8.0.1
postgresql:postgresql	postgresql	eq	8.0.2