Neil Conway

**Name of the Vulnerable Software and Affected Versions** PostgreSQL versions 8.0.1 and earlier **Description** The issue is related to multiple buffer overflows in the gram.y file for PostgreSQL, which may allow attackers to execute arbitrary code. This can occur through various means, including a large number of variables in a SQL statement handled by the `read sql construct` function, a large number of INTO variables in a SELECT statement handled by the `make select stmt` function, a large number of arbitrary variables in a SELECT statement handled by the `make select stmt` function, and a large number of INTO variables in a FETCH statement handled by the `make fetch stmt` function. A valid login is required to exploit this issue. **Recommendations** For PostgreSQL versions 8.0.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** PostgreSQL versions 8.0.0 and earlier **Description** The issue is related to buffer overflows in the gram.y file for PostgreSQL and the PL/PGSQL parser, which may allow attackers to execute arbitrary code. A valid login is required to exploit this vulnerability. The buffer overflow in gram.y occurs when a large number of arguments are passed to a refcursor function, leading to a heap-based buffer overflow. **Recommendations** For PostgreSQL versions 8.0.0 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.