CVE-2010-0442

Severity

65%

Complexity

80%

Confidentiality

106%

The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service (daemon crash) or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT statement that contains a call to the substring function for a bit string, related to an "overflow."

The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service (daemon crash) or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT statement that contains a call to the substring function for a bit string, related to an "overflow."

CVSS 2.0 Base Score 6.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P).

Overview

Type

PostgreSQL

First reported 15 years ago

2010-02-02 18:30:00

Last updated 7 years ago

2017-09-19 01:30:00

Affected Software

PostgreSQL PostgreSQL 8.0.23

8.0.23

PostgreSQL 8.1.11

8.1.11

PostgreSQL 8.3.8

8.3.8

References

[pgsql-committers] 20100107 pgsql: Make bit/varbit substring() treat any negative length as meaning

[pgsql-hackers] 20100107 Re: Patch: Allow substring/replace() to get/set bit values

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567058

http://git.postgresql.org/gitweb?p=postgresql.git;a=commit;h=75dea10196c31d98d98c0bafeeb576ae99c09b12

http://git.postgresql.org/gitweb?p=postgresql.git;a=commit;h=b15087cb39ca9e4bde3c8920fcee3741045d2b83

http://intevydis.blogspot.com/2010/01/postgresql-8023-bitsubstr-overflow.html

39566

39820

39939

1023510

USN-933-1

DSA-2051

MDVSA-2010:103

[oss-security] 20100127 Re: CVE id request: postgresql bitsubstr overflow

RHSA-2010:0427

RHSA-2010:0428

RHSA-2010:0429

37973

Exploit

ADV-2010-1022

ADV-2010-1197

ADV-2010-1207

ADV-2010-1221

https://bugzilla.redhat.com/show_bug.cgi?id=559194

https://bugzilla.redhat.com/show_bug.cgi?id=559259

postgresql-substring-bo(55902)

oval:org.mitre.oval:def:9720

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.