6.5
CVE-2005-0247
- EPSS 3.51%
- Veröffentlicht 02.05.2005 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:10:46
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier may allow attackers to execute arbitrary code via (1) a large number of variables in a SQL statement being handled by the read_sql_construct function, (2) a large number of INTO variables in a SELECT statement being handled by the make_select_stmt function, (3) a large number of arbitrary variables in a SELECT statement being handled by the make_select_stmt function, and (4) a large number of INTO variables in a FETCH statement being handled by the make_fetch_stmt function, a different set of vulnerabilities than CVE-2005-0245.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Postgresql ≫ Postgresql Version7.2
Postgresql ≫ Postgresql Version7.2.1
Postgresql ≫ Postgresql Version7.2.2
Postgresql ≫ Postgresql Version7.2.3
Postgresql ≫ Postgresql Version7.2.4
Postgresql ≫ Postgresql Version7.2.5
Postgresql ≫ Postgresql Version7.2.6
Postgresql ≫ Postgresql Version7.2.7
Postgresql ≫ Postgresql Version7.3
Postgresql ≫ Postgresql Version7.3.1
Postgresql ≫ Postgresql Version7.3.2
Postgresql ≫ Postgresql Version7.3.3
Postgresql ≫ Postgresql Version7.3.4
Postgresql ≫ Postgresql Version7.3.5
Postgresql ≫ Postgresql Version7.3.6
Postgresql ≫ Postgresql Version7.3.7
Postgresql ≫ Postgresql Version7.3.8
Postgresql ≫ Postgresql Version7.3.9
Postgresql ≫ Postgresql Version7.4
Postgresql ≫ Postgresql Version7.4.1
Postgresql ≫ Postgresql Version7.4.2
Postgresql ≫ Postgresql Version7.4.3
Postgresql ≫ Postgresql Version7.4.4
Postgresql ≫ Postgresql Version7.4.5
Postgresql ≫ Postgresql Version7.4.6
Postgresql ≫ Postgresql Version7.4.7
Postgresql ≫ Postgresql Version8.0.0
Postgresql ≫ Postgresql Version8.0.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.51% | 0.877 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
http://archives.postgresql.org/pgsql-committers/2005-02/msg00049.php
http://marc.info/?l=bugtraq&m=110806034116082&w=2
http://www.debian.org/security/2005/dsa-683
http://www.mandriva.com/security/advisories?name=MDKSA-2005:040
http://www.novell.com/linux/security/advisories/2005_36_sudo.html
http://www.redhat.com/support/errata/RHSA-2005-138.html
http://www.redhat.com/support/errata/RHSA-2005-150.html
http://www.securityfocus.com/bid/12417
http://www.gentoo.org/security/en/glsa/glsa-200502-19.xml
http://www.novell.com/linux/security/advisories/2005_27_postgresql.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/19375
https://exchange.xforce.ibmcloud.com/vulnerabilities/19376
https://exchange.xforce.ibmcloud.com/vulnerabilities/19377
https://exchange.xforce.ibmcloud.com/vulnerabilities/19378
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9345