6.8
CVE-2013-0255
- EPSS 3.59%
- Veröffentlicht 13.02.2013 01:55:04
- Zuletzt bearbeitet 29.04.2026 01:13:23
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, which causes it to be invoked with incorrect arguments and allows remote authenticated users to cause a denial of service (server crash) or read sensitive process memory via a crafted SQL command, which triggers an array index error and an out-of-bounds read.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Postgresql ≫ Postgresql Version8.3
Postgresql ≫ Postgresql Version8.3.1
Postgresql ≫ Postgresql Version8.3.2
Postgresql ≫ Postgresql Version8.3.3
Postgresql ≫ Postgresql Version8.3.4
Postgresql ≫ Postgresql Version8.3.5
Postgresql ≫ Postgresql Version8.3.6
Postgresql ≫ Postgresql Version8.3.7
Postgresql ≫ Postgresql Version8.3.8
Postgresql ≫ Postgresql Version8.3.9
Postgresql ≫ Postgresql Version8.3.10
Postgresql ≫ Postgresql Version8.3.11
Postgresql ≫ Postgresql Version8.3.12
Postgresql ≫ Postgresql Version8.3.13
Postgresql ≫ Postgresql Version8.3.14
Postgresql ≫ Postgresql Version8.3.15
Postgresql ≫ Postgresql Version8.3.16
Postgresql ≫ Postgresql Version8.3.17
Postgresql ≫ Postgresql Version8.3.18
Postgresql ≫ Postgresql Version8.3.19
Postgresql ≫ Postgresql Version8.3.20
Postgresql ≫ Postgresql Version8.3.21
Postgresql ≫ Postgresql Version8.3.22
Postgresql ≫ Postgresql Version8.4
Postgresql ≫ Postgresql Version8.4.1
Postgresql ≫ Postgresql Version8.4.2
Postgresql ≫ Postgresql Version8.4.3
Postgresql ≫ Postgresql Version8.4.4
Postgresql ≫ Postgresql Version8.4.5
Postgresql ≫ Postgresql Version8.4.6
Postgresql ≫ Postgresql Version8.4.7
Postgresql ≫ Postgresql Version8.4.8
Postgresql ≫ Postgresql Version8.4.9
Postgresql ≫ Postgresql Version8.4.10
Postgresql ≫ Postgresql Version8.4.11
Postgresql ≫ Postgresql Version8.4.12
Postgresql ≫ Postgresql Version8.4.13
Postgresql ≫ Postgresql Version8.4.14
Postgresql ≫ Postgresql Version8.4.15
Postgresql ≫ Postgresql Version9.0
Postgresql ≫ Postgresql Version9.0.1
Postgresql ≫ Postgresql Version9.0.2
Postgresql ≫ Postgresql Version9.0.3
Postgresql ≫ Postgresql Version9.0.4
Postgresql ≫ Postgresql Version9.0.5
Postgresql ≫ Postgresql Version9.0.6
Postgresql ≫ Postgresql Version9.0.7
Postgresql ≫ Postgresql Version9.0.8
Postgresql ≫ Postgresql Version9.0.9
Postgresql ≫ Postgresql Version9.0.10
Postgresql ≫ Postgresql Version9.0.11
Postgresql ≫ Postgresql Version9.1
Postgresql ≫ Postgresql Version9.1.1
Postgresql ≫ Postgresql Version9.1.2
Postgresql ≫ Postgresql Version9.1.3
Postgresql ≫ Postgresql Version9.1.4
Postgresql ≫ Postgresql Version9.1.5
Postgresql ≫ Postgresql Version9.1.6
Postgresql ≫ Postgresql Version9.1.7
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.59% | 0.879 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8 | 6.9 |
AV:N/AC:L/Au:S/C:N/I:N/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098586.html
http://lists.opensuse.org/opensuse-updates/2013-02/msg00059.html
http://lists.opensuse.org/opensuse-updates/2013-02/msg00060.html
http://osvdb.org/89935
http://rhn.redhat.com/errata/RHSA-2013-1475.html
http://secunia.com/advisories/51923
http://secunia.com/advisories/52819
http://securitytracker.com/id?1028092
http://www.debian.org/security/2013/dsa-2630
http://www.mandriva.com/security/advisories?name=MDVSA-2013:142
http://www.postgresql.org/docs/8.3/static/release-8-3-23.html
http://www.postgresql.org/docs/8.4/static/release-8-4-16.html
http://www.postgresql.org/docs/9.0/static/release-9-0-12.html
http://www.postgresql.org/docs/9.1/static/release-9-1-8.html
http://www.postgresql.org/docs/9.2/static/release-9-2-3.html
http://www.securityfocus.com/bid/57844
http://www.ubuntu.com/usn/USN-1717-1
https://blogs.oracle.com/sunsecurity/entry/cve_2013_0255_array_index
https://bugzilla.redhat.com/show_bug.cgi?id=907892
https://exchange.xforce.ibmcloud.com/vulnerabilities/81917