CVE-2002-1398

Severity

46%

Complexity

39%

Confidentiality

106%

Buffer overflow in the date parser for PostgreSQL before 7.2.2 allows attackers to cause a denial of service and possibly execute arbitrary code via a long date string, aka a vulnerability "in handling long datetime input."

Buffer overflow in the date parser for PostgreSQL before 7.2.2 allows attackers to cause a denial of service and possibly execute arbitrary code via a long date string, aka a vulnerability "in handling long datetime input."

CVSS 2.0 Base Score 4.6. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

PostgreSQL

First reported 22 years ago

2003-01-17 05:00:00

Last updated 8 years ago

2016-10-18 02:26:00

Affected Software

PostgreSQL 6.3.2

6.3.2

PostgreSQL 6.5.3

6.5.3

PostgreSQL 7.0.3

7.0.3

PostgreSQL 7.1

7.1

PostgreSQL 7.1.1

7.1.1

PostgreSQL 7.1.2

7.1.2

PostgreSQL 7.1.3

7.1.3

PostgreSQL 7.2

7.2

PostgreSQL 7.2.1

7.2.1

References

http://archives.postgresql.org/pgsql-announce/2002-08/msg00004.php

20020819 Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in PostgreSQL

20020821 Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in PostgreSQL

20020824 Fwd: [GENERAL] PostgreSQL 7.2.2: Security Release

20020826 GLSA: PostgreSQL

http://marc.info/?l=postgresql-announce&m=103062536330644

8034

DSA-165

SuSE-SA:2002:038

RHSA-2003:001

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.