7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.018 Low
EPSS
Percentile
88.2%
Multiple vulnerabilities had been reported in various
versions of PostgreSQL:
The EXECUTE restrictions can be bypassed by using the
AGGREGATE function, which is missing a permissions check.
A buffer overflow exists in gram.y which could allow an
attacker to execute arbitrary code by sending a large
number of arguments to a refcursor function, found in
gram.y
The intagg contributed module allows an attacker to crash
the server (Denial of Service) by constructing a malicious
crafted array.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | postgresql | = 7.2 | UNKNOWN |
FreeBSD | any | noarch | postgresql | < 7.2.7 | UNKNOWN |
FreeBSD | any | noarch | postgresql-server | = 7.2 | UNKNOWN |
FreeBSD | any | noarch | postgresql-server | < 7.2.7 | UNKNOWN |
FreeBSD | any | noarch | ja-postgresql | = 7.2 | UNKNOWN |
FreeBSD | any | noarch | ja-postgresql | < 7.2.7 | UNKNOWN |