New Search

Vulnerability in PostgreSQL 9.2.x before 9.2.3 9.1.x before 9.1.8 9.0.x before 9.0.12 8.4.x before 8.4.16 and 8.3.x before 8.3.23 (CVE-2013-0255)

oval:org.cisecurity:def:8200

PostgreSQL 9.2.x before 9.2.3 9.1.x before 9.1.8 9.0.x before 9.0.12 8.4.x before 8.4.16 and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c which causes it to be invoked with incorrect arguments and allows remote authenticated users to cause a denial of service (server crash) or read sensitive process memory via a crafted SQL command which triggers an array index error and an out-of-bounds read.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Vista
  • Microsoft Windows 8
  • Microsoft Windows XP
  • Microsoft Windows 8.1
  • Microsoft Windows 7
  • Microsoft Windows 10
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows Server 2008
  • Microsoft Windows Server 2016
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows Server 2003
Class:
vulnerability
Reference(s):
  • CVE-2013-0255
Product(s):
  • PostgreSQL