CVE-2010-0733

Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL 8.4.1 and earlier, and 8.5 through 8.5alpha2, allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with many LEFT JOIN clauses, related to certain hashtable size calculations.

CVSS v2.0 3.5 LOW

3.5^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:M/Au:S/C:N/I:N/A:P

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://archives.postgresql.org/pgsql-bugs/2009-10/msg00289.php
http://www.openwall.com/lists/oss-security/2010/03/09/2
https://bugzilla.redhat.com/show_bug.cgi?id=546621	Patch
http://www.openwall.com/lists/oss-security/2010/03/16/10
http://archives.postgresql.org/pgsql-bugs/2009-10/msg00287.php
http://archives.postgresql.org/pgsql-bugs/2009-10/msg00310.php
http://archives.postgresql.org/pgsql-bugs/2009-10/msg00277.php
http://www.redhat.com/support/errata/RHSA-2010-0428.html
http://www.redhat.com/support/errata/RHSA-2010-0427.html
http://www.redhat.com/support/errata/RHSA-2010-0429.html
http://www.securityfocus.com/bid/38619
http://secunia.com/advisories/39820
http://www.vupen.com/english/advisories/2010/1197
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10691
http://git.postgresql.org/gitweb?p=postgresql.git%3Ba=commit%3Bh=64b057e6823655fb6c5d1f24a28f236b94dd6c54

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:postgresql:postgresql:8.1.10:::::::*
	cpe:2.3:a:postgresql:postgresql:8.1.6:::::::*
	cpe:2.3:a:postgresql:postgresql:8.2.9:::::::*
	cpe:2.3:a:postgresql:postgresql:8.0.7:::::::*
	cpe:2.3:a:postgresql:postgresql:8.0.2:::::::*
	cpe:2.3:a:postgresql:postgresql:8.1.15:::::::*
	cpe:2.3:a:postgresql:postgresql:8.1.7:::::::*
	cpe:2.3:a:postgresql:postgresql:8.3.6:::::::*
	cpe:2.3:a:postgresql:postgresql:8.2.10:::::::*
	cpe:2.3:a:postgresql:postgresql:8.0.22:::::::*
	cpe:2.3:a:postgresql:postgresql:8.2.15:::::::*
	cpe:2.3:a:postgresql:postgresql:8.2.4:::::::*
	cpe:2.3:a:postgresql:postgresql:8.0.17:::::::*
	cpe:2.3:a:postgresql:postgresql:8.0.10:::::::*
	cpe:2.3:a:postgresql:postgresql:8.1.20:::::::*
	cpe:2.3:a:postgresql:postgresql:8.1:::::::*
	cpe:2.3:a:postgresql:postgresql:8.1.19:::::::*
	cpe:2.3:a:postgresql:postgresql:8.2.11:::::::*
	cpe:2.3:a:postgresql:postgresql:8.1.13:::::::*
	cpe:2.3:a:postgresql:postgresql:8.0.12:::::::*
	cpe:2.3:a:postgresql:postgresql:8.2.12:::::::*
	cpe:2.3:a:postgresql:postgresql:8.0.9:::::::*
	cpe:2.3:a:postgresql:postgresql:8.0.15:::::::*
	cpe:2.3:a:postgresql:postgresql:8.2.2:::::::*
	cpe:2.3:a:postgresql:postgresql:8.3.3:::::::*
	cpe:2.3:a:postgresql:postgresql:8.0.0:::::::*
	cpe:2.3:a:postgresql:postgresql:8.1.0:::::::*
	cpe:2.3:a:postgresql:postgresql:8.1.3:::::::*
	cpe:2.3:a:postgresql:postgresql:8.3.2:::::::*
	cpe:2.3:a:postgresql:postgresql:8.5:::::::*
	cpe:2.3:a:postgresql:postgresql:8.0.18:::::::*
	cpe:2.3:a:postgresql:postgresql:8.2.5:::::::*
	cpe:2.3:a:postgresql:postgresql:8.0.3:::::::*
	cpe:2.3:a:postgresql:postgresql:8.0.24:::::::*
	cpe:2.3:a:postgresql:postgresql:8.1.9:::::::*
	cpe:2.3:a:postgresql:postgresql:8.4:::::::*
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql:8.2.1:::::::*
	cpe:2.3:a:postgresql:postgresql:8.3.1:::::::*
	cpe:2.3:a:postgresql:postgresql:8.5:alpha2::::::
	cpe:2.3:a:postgresql:postgresql:8.1.14:::::::*
	cpe:2.3:a:postgresql:postgresql:8.3.5:::::::*
	cpe:2.3:a:postgresql:postgresql:8.0.20:::::::*
	cpe:2.3:a:postgresql:postgresql:8.3.8:::::::*
	cpe:2.3:a:postgresql:postgresql:8.0.8:::::::*
	cpe:2.3:a:postgresql:postgresql:8.2.7:::::::*
	cpe:2.3:a:postgresql:postgresql:8.0.6:::::::*
	cpe:2.3:a:postgresql:postgresql:8.1.11:::::::*
	cpe:2.3:a:postgresql:postgresql:8.2.6:::::::*
	cpe:2.3:a:postgresql:postgresql:8.0.16:::::::*
	cpe:2.3:a:postgresql:postgresql:8.3.7:::::::*
	cpe:2.3:a:postgresql:postgresql:8.1.17:::::::*
	cpe:2.3:a:postgresql:postgresql:8.0.13:::::::*
	cpe:2.3:a:postgresql:postgresql:8.3.10:::::::*
	cpe:2.3:a:postgresql:postgresql:8.1.18:::::::*
	cpe:2.3:a:postgresql:postgresql:8.3:::::::*
	cpe:2.3:a:postgresql:postgresql:8.1.4:::::::*
	cpe:2.3:a:postgresql:postgresql:8.0.1:::::::*
	cpe:2.3:a:postgresql:postgresql:8.1.8:::::::*
	cpe:2.3:a:postgresql:postgresql:8.3.4:::::::*
	cpe:2.3:a:postgresql:postgresql:8.0.19:::::::*
	cpe:2.3:a:postgresql:postgresql:8.1.1:::::::*
	cpe:2.3:a:postgresql:postgresql:8.1.12:::::::*
	cpe:2.3:a:postgresql:postgresql:8.1.5:::::::*
cpe:2.3:a:postgresql:postgresql:8.0.21:::::::*
cpe:2.3:a:postgresql:postgresql:8.1.16:::::::*
cpe:2.3:a:postgresql:postgresql:8.2.3:::::::*
cpe:2.3:a:postgresql:postgresql:8.0.23:::::::*
cpe:2.3:a:postgresql:postgresql:8.5:alpha1::::::
cpe:2.3:a:postgresql:postgresql:8.3.9:::::::*
cpe:2.3:a:postgresql:postgresql:8.2.16:::::::*
cpe:2.3:a:postgresql:postgresql:8.0.4:::::::*
cpe:2.3:a:postgresql:postgresql:8.0.5:::::::*
cpe:2.3:a:postgresql:postgresql:8.0.14:::::::*
cpe:2.3:a:postgresql:postgresql:8.2.8:::::::*
cpe:2.3:a:postgresql:postgresql:8.2.13:::::::*
cpe:2.3:a:postgresql:postgresql:8.2:::::::*
cpe:2.3:a:postgresql:postgresql:8.0.11:::::::*
cpe:2.3:a:postgresql:postgresql:8.0.317:::::::*
cpe:2.3:a:postgresql:postgresql:8.0:::::::*
cpe:2.3:a:postgresql:postgresql:8.2.14:::::::*
cpe:2.3:a:postgresql:postgresql:8.1.2:::::::*

Information

Published : 2010-03-19 12:30

Updated : 2023-02-12 20:16

NVD link : CVE-2010-0733

Mitre link : CVE-2010-0733

JSON object : View

CWE

CWE-189

Numeric Errors

Products Affected

postgresql

postgresql

3.5 /10