Lucene search

[email protected]NVD:CVE-2014-0063

HistoryMar 31, 2014 - 2:58 p.m.

CVE-2014-0063

2014-03-3114:58:15

CWE-119

[email protected]

web.nvd.nist.gov

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

9.4 High

AI Score

Confidence

High

0.927 High

EPSS

Percentile

99.0%

JSON

Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via vectors related to an incorrect MAXDATELEN constant and datetime values involving (1) intervals, (2) timestamps, or (3) timezones, a different vulnerability than CVE-2014-0065.

Affected configurations

NVD

Node

postgresqlpostgresqlRange≤8.4.19

postgresqlpostgresqlMatch8.4.1

postgresqlpostgresqlMatch8.4.2

postgresqlpostgresqlMatch8.4.3

postgresqlpostgresqlMatch8.4.4

postgresqlpostgresqlMatch8.4.5

postgresqlpostgresqlMatch8.4.6

postgresqlpostgresqlMatch8.4.7

postgresqlpostgresqlMatch8.4.8

postgresqlpostgresqlMatch8.4.9

postgresqlpostgresqlMatch8.4.10

postgresqlpostgresqlMatch8.4.11

postgresqlpostgresqlMatch8.4.12

postgresqlpostgresqlMatch8.4.13

postgresqlpostgresqlMatch8.4.14

postgresqlpostgresqlMatch8.4.15

postgresqlpostgresqlMatch8.4.16

postgresqlpostgresqlMatch8.4.17

postgresqlpostgresqlMatch8.4.18

postgresqlpostgresqlMatch9.0

postgresqlpostgresqlMatch9.0.1

postgresqlpostgresqlMatch9.0.2

postgresqlpostgresqlMatch9.0.3

postgresqlpostgresqlMatch9.0.4

postgresqlpostgresqlMatch9.0.5

postgresqlpostgresqlMatch9.0.6

postgresqlpostgresqlMatch9.0.7

postgresqlpostgresqlMatch9.0.8

postgresqlpostgresqlMatch9.0.9

postgresqlpostgresqlMatch9.0.10

postgresqlpostgresqlMatch9.0.11

postgresqlpostgresqlMatch9.0.12

postgresqlpostgresqlMatch9.0.13

postgresqlpostgresqlMatch9.0.14

postgresqlpostgresqlMatch9.0.15

postgresqlpostgresqlMatch9.1

postgresqlpostgresqlMatch9.1.1

postgresqlpostgresqlMatch9.1.2

postgresqlpostgresqlMatch9.1.3

postgresqlpostgresqlMatch9.1.4

postgresqlpostgresqlMatch9.1.5

postgresqlpostgresqlMatch9.1.6

postgresqlpostgresqlMatch9.1.7

postgresqlpostgresqlMatch9.1.8

postgresqlpostgresqlMatch9.1.9

postgresqlpostgresqlMatch9.1.10

postgresqlpostgresqlMatch9.1.11

postgresqlpostgresqlMatch9.2

postgresqlpostgresqlMatch9.2.1

postgresqlpostgresqlMatch9.2.2

postgresqlpostgresqlMatch9.2.3

postgresqlpostgresqlMatch9.2.4

postgresqlpostgresqlMatch9.2.5

postgresqlpostgresqlMatch9.2.6

postgresqlpostgresqlMatch9.3

postgresqlpostgresqlMatch9.3.1

postgresqlpostgresqlMatch9.3.2

References

archives.neohapsis.com/archives/bugtraq/2014-10/0103.html

kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

lists.opensuse.org/opensuse-updates/2014-03/msg00018.html

lists.opensuse.org/opensuse-updates/2014-03/msg00038.html

rhn.redhat.com/errata/RHSA-2014-0211.html

rhn.redhat.com/errata/RHSA-2014-0221.html

rhn.redhat.com/errata/RHSA-2014-0249.html

rhn.redhat.com/errata/RHSA-2014-0469.html

secunia.com/advisories/61307

support.apple.com/kb/HT6448

wiki.postgresql.org/wiki/20140220securityrelease

www.debian.org/security/2014/dsa-2864

www.debian.org/security/2014/dsa-2865

www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

www.postgresql.org/about/news/1506/

www.postgresql.org/support/security/

www.securityfocus.com/bid/65719

www.ubuntu.com/usn/USN-2120-1

bugzilla.redhat.com/show_bug.cgi?id=1065226

github.com/postgres/postgres/commit/4318daecc959886d001a6e79c6ea853e8b1dfb4b

support.apple.com/kb/HT6536

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

9.4 High

AI Score

Confidence

High

0.927 High

EPSS

Percentile

99.0%

JSON

Related for NVD:CVE-2014-0063