40%
80%
48%
Per: https://bugzilla.redhat.com/show_bug.cgi?id=488156 "PostgreSQL allows remote authenticated users to cause a momentary denial of service (crash due to stack consumption) when there is a failure to convert a localized error message to the client-specified encoding. In releases 8.3.6, 8.2.12, 8.1.16. 8.0.20, and 7.4.24, a trivial misconfiguration is sufficient to provoke a crash. In older releases it is necessary to select a locale and client encoding for which specific messages fail to translate, and so a given installation may or may not be vulnerable depending on the administrator-determined locale setting. Releases 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 are secure against all known variants of this issue."
PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified encoding, as demonstrated using mismatched encoding conversion requests.
Per: https://bugzilla.redhat.com/show_bug.cgi?id=488156 "PostgreSQL allows remote authenticated users to cause a momentary denial of service (crash due to stack consumption) when there is a failure to convert a localized error message to the client-specified encoding. In releases 8.3.6, 8.2.12, 8.1.16. 8.0.20, and 7.4.24, a trivial misconfiguration is sufficient to provoke a crash. In older releases it is necessary to select a locale and client encoding for which specific messages fail to translate, and so a given installation may or may not be vulnerable depending on the administrator-determined locale setting. Releases 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 are secure against all known variants of this issue."
CVSS 2.0 Base Score 4. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P).
ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.
If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.