PT-2009-3509 · Postgresql+1 · Postgresql+1

Vincent Danen

Publicado

2009-03-17

Atualizado

2018-10-10

CVE-2009-0922

CVSS v2.0

4.0

Média

Vetor

AV:N/AC:L/Au:S/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 8.3.7 PostgreSQL versions prior to 8.2.13 PostgreSQL versions prior to 8.1.17 PostgreSQL versions prior to 8.0.21 PostgreSQL versions prior to 7.4.25

Description The issue allows remote authenticated users to cause a denial of service by triggering a failure in the conversion of a localized error message to a client-specified encoding. This can lead to stack consumption and a crash. A valid login is required to exploit this issue.

Recommendations For versions prior to 8.3.7, update to version 8.3.7 or later. For versions prior to 8.2.13, update to version 8.2.13 or later. For versions prior to 8.1.17, update to version 8.1.17 or later. For versions prior to 8.0.21, update to version 8.0.21 or later. For versions prior to 7.4.25, update to version 7.4.25 or later.

Exploit

Correção

DoS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-399

Identificadores relacionados

CVE-2009-0922

RHSA-2009:1067

RHSA-2009:1484

RHSA-2009_1484

Produtos afetados

Postgresql

Red Hat

PT-2009-3509 · Postgresql+1 · Postgresql+1

CVE-2009-0922

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 33