CVE-2010-4015

Severity

65%

Complexity

80%

Confidentiality

106%

Buffer overflow in the gettoken function in contrib/intarray/_int_bool.c in the intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.20 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via integers with a large number of digits to unspecified functions.

Buffer overflow in the gettoken function in contrib/intarray/_int_bool.c in the intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.20 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via integers with a large number of digits to unspecified functions.

CVSS 2.0 Base Score 6.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P).

Overview

Type

PostgreSQL

First reported 14 years ago

2011-02-02 01:00:00

Last updated 7 years ago

2017-08-17 01:33:00

Affected Software

PostgreSQL 8.3

8.3

PostgreSQL 8.3.1

8.3.1

PostgreSQL 8.3.2

8.3.2

PostgreSQL 8.3.3

8.3.3

PostgreSQL 8.3.4

8.3.4

PostgreSQL 8.3.5

8.3.5

PostgreSQL 8.3.6

8.3.6

PostgreSQL 8.3.7

8.3.7

PostgreSQL 8.3.8

8.3.8

PostgreSQL 8.3.9

8.3.9

PostgreSQL 8.3.10

8.3.10

PostgreSQL 8.3.11

8.3.11

PostgreSQL 8.3.12

8.3.12

PostgreSQL 8.3.13

8.3.13

PostgreSQL 9.0

9.0

PostgreSQL 9.0.1

9.0.1

PostgreSQL 9.0.2

9.0.2

PostgreSQL 8.4

8.4

PostgreSQL 8.4.1

8.4.1

PostgreSQL 8.4.2

8.4.2

PostgreSQL 8.4.3

8.4.3

PostgreSQL 8.4.4

8.4.4

PostgreSQL 8.4.5

8.4.5

PostgreSQL 8.4.6

8.4.6

PostgreSQL 8.2

8.2

PostgreSQL 8.2.1

8.2.1

PostgreSQL 8.2.2

8.2.2

PostgreSQL 8.2.3

8.2.3

PostgreSQL 8.2.4

8.2.4

PostgreSQL 8.2.5

8.2.5

PostgreSQL 8.2.6

8.2.6

PostgreSQL 8.2.7

8.2.7

PostgreSQL 8.2.8

8.2.8

PostgreSQL 8.2.9

8.2.9

PostgreSQL 8.2.10

8.2.10

PostgreSQL 8.2.11

8.2.11

PostgreSQL 8.2.12

8.2.12

PostgreSQL 8.2.13

8.2.13

PostgreSQL 8.2.14

8.2.14

PostgreSQL 8.2.15

8.2.15

PostgreSQL 8.2.16

8.2.16

PostgreSQL 8.2.17

8.2.17

PostgreSQL 8.2.18

8.2.18

PostgreSQL 8.2.19

8.2.19

References

http://git.postgresql.org/gitweb?p=postgresql.git;a=commitdiff;h=7ccb6dc2d3e266a551827bb99179708580f72431

Patch

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

FEDORA-2011-0990

FEDORA-2011-0963

SUSE-SR:2011:005

SSRT100617

70740

43144

Vendor Advisory

43154

43155

43187

43188

43240

DSA-2157

MDVSA-2011:021

http://www.postgresql.org/about/news.1289

http://www.postgresql.org/support/security

RHSA-2011:0197

RHSA-2011:0198

46084

USN-1058-1

ADV-2011-0262

Vendor Advisory

ADV-2011-0278

ADV-2011-0283

ADV-2011-0287

ADV-2011-0299

ADV-2011-0303

ADV-2011-0349

postgresql-gettoken-buffer-overflow(65060)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.