CVE-2007-4769

Severity

68%

Complexity

80%

Confidentiality

115%

The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number.

The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number.

CVSS 2.0 Base Score 6.8. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C).

Overview

Type

PostgreSQL

First reported 17 years ago

2008-01-09 21:46:00

Last updated 6 years ago

2018-10-15 21:37:00

Affected Software

PostgreSQL 7.3

7.3

PostgreSQL 7.3.1

7.3.1

PostgreSQL 7.3.2

7.3.2

PostgreSQL 7.3.3

7.3.3

PostgreSQL 7.3.4

7.3.4

PostgreSQL 7.3.6

7.3.6

PostgreSQL 7.3.8

7.3.8

PostgreSQL 7.3.9

7.3.9

PostgreSQL 7.3.10

7.3.10

PostgreSQL 7.3.11

7.3.11

PostgreSQL 7.3.12

7.3.12

PostgreSQL 7.3.13

7.3.13

PostgreSQL 7.3.14

7.3.14

PostgreSQL 7.3.15

7.3.15

PostgreSQL 7.3.16

7.3.16

PostgreSQL 7.3.19

7.3.19

PostgreSQL PostgreSQL 7.4

7.4

PostgreSQL PostgreSQL 7.4.1

7.4.1

PostgreSQL PostgreSQL 7.4.2

7.4.2

PostgreSQL PostgreSQL 7.4.3

7.4.3

PostgreSQL PostgreSQL 7.4.4

7.4.4

PostgreSQL PostgreSQL 7.4.5

7.4.5

PostgreSQL PostgreSQL 7.4.6

7.4.6

PostgreSQL PostgreSQL 7.4.7

7.4.7

PostgreSQL PostgreSQL 7.4.8

7.4.8

PostgreSQL PostgreSQL 7.4.9

7.4.9

PostgreSQL PostgreSQL 7.4.10

7.4.10

PostgreSQL PostgreSQL 7.4.11

7.4.11

PostgreSQL PostgreSQL 7.4.12

7.4.12

PostgreSQL PostgreSQL 7.4.13

7.4.13

PostgreSQL PostgreSQL 7.4.14

7.4.14

PostgreSQL PostgreSQL 7.4.16

7.4.16

PostgreSQL PostgreSQL 7.4.17

7.4.17

PostgreSQL 8.0

8.0

PostgreSQL PostgreSQL 8.0.1

8.0.1

PostgreSQL PostgreSQL 8.0.2

8.0.2

PostgreSQL PostgreSQL 8.0.3

8.0.3

PostgreSQL PostgreSQL 8.0.4

8.0.4

PostgreSQL PostgreSQL 8.0.5

8.0.5

PostgreSQL PostgreSQL 8.0.7

8.0.7

PostgreSQL PostgreSQL 8.0.8

8.0.8

PostgreSQL PostgreSQL 8.0.9

8.0.9

PostgreSQL PostgreSQL 8.0.11

8.0.11

PostgreSQL PostgreSQL 8.0.13

8.0.13

PostgreSQL 8.1.1

8.1.1

PostgreSQL 8.1.3

8.1.3

PostgreSQL 8.1.4

8.1.4

PostgreSQL 8.1.5

8.1.5

PostgreSQL 8.1.7

8.1.7

PostgreSQL 8.1.8

8.1.8

PostgreSQL 8.1.9

8.1.9

PostgreSQL 8.2

8.2

PostgreSQL 8.2.2

8.2.2

PostgreSQL 8.2.3

8.2.3

PostgreSQL 8.2.4

8.2.4

References

SSRT080006

SUSE-SA:2008:005

28359

Vendor Advisory

28376

Vendor Advisory

28437

Vendor Advisory

28438

Vendor Advisory

28454

Vendor Advisory

28455

Vendor Advisory

28464

Vendor Advisory

28477

28479

Vendor Advisory

28679

Vendor Advisory

28698

Vendor Advisory

29638

Vendor Advisory

GLSA-200801-15

1019157

http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894

http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894

103197

200559

DSA-1460

DSA-1463

MDVSA-2008:004

http://www.postgresql.org/about/news.905

RHSA-2008:0038

RHSA-2008:0040

20080107 PostgreSQL 2007-01-07 Cumulative Security Release

20080115 rPSA-2008-0016-1 postgresql postgresql-server

27163

Patch

ADV-2008-0061

Vendor Advisory

ADV-2008-0109

Vendor Advisory

ADV-2008-1071

postgresql-backref-dos(39499)

https://issues.rpath.com/browse/RPL-1768

oval:org.mitre.oval:def:9804

USN-568-1

FEDORA-2008-0478

FEDORA-2008-0552

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.