PT-2011-1461 · Postgresql+1

Geoff Keating · Published 2011-02-02 · Updated 2017-08-17 · CVE-2010-4015

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

PostgreSQL versions 8.2.x through 8.2.19
PostgreSQL versions 8.3.x through 8.3.13
PostgreSQL versions 8.4.x through 8.4.6
PostgreSQL versions 9.0.x through 9.0.2

Description

The issue is a buffer overflow in the gettoken function of the intarray array module. An authenticated database user can exploit it to cause a denial of service or possibly execute arbitrary code by calling functions with certain parameters, specifically integers with a large number of digits.

Recommendations

For PostgreSQL versions 8.2.x through 8.2.19, update to version 8.2.20 or later.
For PostgreSQL versions 8.3.x through 8.3.13, update to version 8.3.14 or later.
For PostgreSQL versions 8.4.x through 8.4.6, update to version 8.4.7 or later.
For PostgreSQL versions 9.0.x through 9.0.2, update to version 9.0.3 or later.

Fix

DoS


Weakness Enumeration

Related Identifiers

CVE-2010-4015
DSA-2157-1
RHSA-2011:0197
RHSA-2011:0198
RHSA-2011_0197
RHSA-2011_0198

Affected Products

Postgresql
Red Hat