Lucene search

[email protected]NVD:CVE-2010-0733

HistoryMar 19, 2010 - 7:30 p.m.

CVE-2010-0733

2010-03-1919:30:00

CWE-189

[email protected]

web.nvd.nist.gov

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

AI Score

6.2

Confidence

Low

EPSS

0.04

Percentile

92.1%

JSON

Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL 8.4.1 and earlier, and 8.5 through 8.5alpha2, allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with many LEFT JOIN clauses, related to certain hashtable size calculations.

Affected configurations

NVD

Node

postgresqlpostgresqlRange≤8.4.1

postgresqlpostgresqlMatch8.0

postgresqlpostgresqlMatch8.0.0

postgresqlpostgresqlMatch8.0.1

postgresqlpostgresqlMatch8.0.2

postgresqlpostgresqlMatch8.0.3

postgresqlpostgresqlMatch8.0.4

postgresqlpostgresqlMatch8.0.5

postgresqlpostgresqlMatch8.0.6

postgresqlpostgresqlMatch8.0.7

postgresqlpostgresqlMatch8.0.8

postgresqlpostgresqlMatch8.0.9

postgresqlpostgresqlMatch8.0.10

postgresqlpostgresqlMatch8.0.11

postgresqlpostgresqlMatch8.0.12

postgresqlpostgresqlMatch8.0.13

postgresqlpostgresqlMatch8.0.14

postgresqlpostgresqlMatch8.0.15

postgresqlpostgresqlMatch8.0.16

postgresqlpostgresqlMatch8.0.17

postgresqlpostgresqlMatch8.0.18

postgresqlpostgresqlMatch8.0.19

postgresqlpostgresqlMatch8.0.20

postgresqlpostgresqlMatch8.0.21

postgresqlpostgresqlMatch8.0.22

postgresqlpostgresqlMatch8.0.23

postgresqlpostgresqlMatch8.0.24

postgresqlpostgresqlMatch8.0.317

postgresqlpostgresqlMatch8.1

postgresqlpostgresqlMatch8.1.0

postgresqlpostgresqlMatch8.1.1

postgresqlpostgresqlMatch8.1.2

postgresqlpostgresqlMatch8.1.3

postgresqlpostgresqlMatch8.1.4

postgresqlpostgresqlMatch8.1.5

postgresqlpostgresqlMatch8.1.6

postgresqlpostgresqlMatch8.1.7

postgresqlpostgresqlMatch8.1.8

postgresqlpostgresqlMatch8.1.9

postgresqlpostgresqlMatch8.1.10

postgresqlpostgresqlMatch8.1.11

postgresqlpostgresqlMatch8.1.12

postgresqlpostgresqlMatch8.1.13

postgresqlpostgresqlMatch8.1.14

postgresqlpostgresqlMatch8.1.15

postgresqlpostgresqlMatch8.1.16

postgresqlpostgresqlMatch8.1.17

postgresqlpostgresqlMatch8.1.18

postgresqlpostgresqlMatch8.1.19

postgresqlpostgresqlMatch8.1.20

postgresqlpostgresqlMatch8.2

postgresqlpostgresqlMatch8.2.1

postgresqlpostgresqlMatch8.2.2

postgresqlpostgresqlMatch8.2.3

postgresqlpostgresqlMatch8.2.4

postgresqlpostgresqlMatch8.2.5

postgresqlpostgresqlMatch8.2.6

postgresqlpostgresqlMatch8.2.7

postgresqlpostgresqlMatch8.2.8

postgresqlpostgresqlMatch8.2.9

postgresqlpostgresqlMatch8.2.10

postgresqlpostgresqlMatch8.2.11

postgresqlpostgresqlMatch8.2.12

postgresqlpostgresqlMatch8.2.13

postgresqlpostgresqlMatch8.2.14

postgresqlpostgresqlMatch8.2.15

postgresqlpostgresqlMatch8.2.16

postgresqlpostgresqlMatch8.3

postgresqlpostgresqlMatch8.3.1

postgresqlpostgresqlMatch8.3.2

postgresqlpostgresqlMatch8.3.3

postgresqlpostgresqlMatch8.3.4

postgresqlpostgresqlMatch8.3.5

postgresqlpostgresqlMatch8.3.6

postgresqlpostgresqlMatch8.3.7

postgresqlpostgresqlMatch8.3.8

postgresqlpostgresqlMatch8.3.9

postgresqlpostgresqlMatch8.3.10

postgresqlpostgresqlMatch8.4

postgresqlpostgresqlMatch8.5

postgresqlpostgresqlMatch8.5alpha1

postgresqlpostgresqlMatch8.5alpha2

References

archives.postgresql.org/pgsql-bugs/2009-10/msg00277.php

archives.postgresql.org/pgsql-bugs/2009-10/msg00287.php

archives.postgresql.org/pgsql-bugs/2009-10/msg00289.php

archives.postgresql.org/pgsql-bugs/2009-10/msg00310.php

git.postgresql.org/gitweb?p=postgresql.git%3Ba=commit%3Bh=64b057e6823655fb6c5d1f24a28f236b94dd6c54

lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html

secunia.com/advisories/39820

www.openwall.com/lists/oss-security/2010/03/09/2

www.openwall.com/lists/oss-security/2010/03/16/10

www.redhat.com/support/errata/RHSA-2010-0427.html

www.redhat.com/support/errata/RHSA-2010-0428.html

www.redhat.com/support/errata/RHSA-2010-0429.html

www.securityfocus.com/bid/38619

www.vupen.com/english/advisories/2010/1197

bugzilla.redhat.com/show_bug.cgi?id=546621

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10691

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

AI Score

6.2

Confidence

Low

EPSS

0.04

Percentile

92.1%

JSON

Related for NVD:CVE-2010-0733

prion1 seebug1 openvas16 cve1 cvelist1 packetstorm1 ubuntucve1 veracode1 nessus18 centos3 redhat3 oraclelinux3 gentoo1