CVE-2005-0247

EPSS 1.56%
Published 02.05.2005 04:00:00
Last modified 03.04.2025 01:03:51
Source secalert@redhat.com
Teams watchlist Login
Open Login

Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier may allow attackers to execute arbitrary code via (1) a large number of variables in a SQL statement being handled by the read_sql_construct function, (2) a large number of INTO variables in a SELECT statement being handled by the make_select_stmt function, (3) a large number of arbitrary variables in a SELECT statement being handled by the make_select_stmt function, and (4) a large number of INTO variables in a FETCH statement being handled by the make_fetch_stmt function, a different set of vulnerabilities than CVE-2005-0245.

Affected products Warnungen 0 Metrics 2 CWE 1 References 18

Data is provided by the National Vulnerability Database (NVD)

Postgresql ≫ Postgresql Version7.2

Postgresql ≫ Postgresql Version7.2.1

Postgresql ≫ Postgresql Version7.2.2

Postgresql ≫ Postgresql Version7.2.3

Postgresql ≫ Postgresql Version7.2.4

Postgresql ≫ Postgresql Version7.2.5

Postgresql ≫ Postgresql Version7.2.6

Postgresql ≫ Postgresql Version7.2.7

Postgresql ≫ Postgresql Version7.3

Postgresql ≫ Postgresql Version7.3.1

Postgresql ≫ Postgresql Version7.3.2

Postgresql ≫ Postgresql Version7.3.3

Postgresql ≫ Postgresql Version7.3.4

Postgresql ≫ Postgresql Version7.3.5

Postgresql ≫ Postgresql Version7.3.6

Postgresql ≫ Postgresql Version7.3.7

Postgresql ≫ Postgresql Version7.3.8

Postgresql ≫ Postgresql Version7.3.9

Postgresql ≫ Postgresql Version7.4

Postgresql ≫ Postgresql Version7.4.1

Postgresql ≫ Postgresql Version7.4.2

Postgresql ≫ Postgresql Version7.4.3

Postgresql ≫ Postgresql Version7.4.4

Postgresql ≫ Postgresql Version7.4.5

Postgresql ≫ Postgresql Version7.4.6

Postgresql ≫ Postgresql Version7.4.7

Postgresql ≫ Postgresql Version8.0.0

Postgresql ≫ Postgresql Version8.0.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.56%	0.807

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://archives.postgresql.org/pgsql-committers/2005-02/msg00049.php

Patch

http://marc.info/?l=bugtraq&m=110806034116082&w=2

http://www.debian.org/security/2005/dsa-683

http://www.mandriva.com/security/advisories?name=MDKSA-2005:040

http://www.novell.com/linux/security/advisories/2005_36_sudo.html

http://www.redhat.com/support/errata/RHSA-2005-138.html

Patch

Vendor Advisory

http://www.redhat.com/support/errata/RHSA-2005-150.html

Patch

Vendor Advisory