CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
91.9%
Multiple integer overflows in the path_in and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, which trigger a buffer overflow. NOTE: this identifier has been SPLIT due to different affected versions; use CVE-2014-2669 for the hstore vector.
Vendor | Product | Version | CPE |
---|---|---|---|
postgresql | postgresql | * | cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* |
postgresql | postgresql | 8.4.1 | cpe:2.3:a:postgresql:postgresql:8.4.1:*:*:*:*:*:*:* |
postgresql | postgresql | 8.4.2 | cpe:2.3:a:postgresql:postgresql:8.4.2:*:*:*:*:*:*:* |
postgresql | postgresql | 8.4.3 | cpe:2.3:a:postgresql:postgresql:8.4.3:*:*:*:*:*:*:* |
postgresql | postgresql | 8.4.4 | cpe:2.3:a:postgresql:postgresql:8.4.4:*:*:*:*:*:*:* |
postgresql | postgresql | 8.4.5 | cpe:2.3:a:postgresql:postgresql:8.4.5:*:*:*:*:*:*:* |
postgresql | postgresql | 8.4.6 | cpe:2.3:a:postgresql:postgresql:8.4.6:*:*:*:*:*:*:* |
postgresql | postgresql | 8.4.7 | cpe:2.3:a:postgresql:postgresql:8.4.7:*:*:*:*:*:*:* |
postgresql | postgresql | 8.4.8 | cpe:2.3:a:postgresql:postgresql:8.4.8:*:*:*:*:*:*:* |
postgresql | postgresql | 8.4.9 | cpe:2.3:a:postgresql:postgresql:8.4.9:*:*:*:*:*:*:* |
archives.neohapsis.com/archives/bugtraq/2014-10/0103.html
kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
lists.opensuse.org/opensuse-updates/2014-03/msg00018.html
lists.opensuse.org/opensuse-updates/2014-03/msg00038.html
rhn.redhat.com/errata/RHSA-2014-0211.html
rhn.redhat.com/errata/RHSA-2014-0221.html
rhn.redhat.com/errata/RHSA-2014-0249.html
rhn.redhat.com/errata/RHSA-2014-0469.html
secunia.com/advisories/61307
support.apple.com/kb/HT6448
wiki.postgresql.org/wiki/20140220securityrelease
www.debian.org/security/2014/dsa-2864
www.debian.org/security/2014/dsa-2865
www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
www.postgresql.org/about/news/1506/
www.postgresql.org/support/security/
www.securityfocus.com/bid/65725
www.ubuntu.com/usn/USN-2120-1
bugzilla.redhat.com/show_bug.cgi?id=1065230
github.com/postgres/postgres/commit/31400a673325147e1205326008e32135a78b4d8a
support.apple.com/kb/HT6536