PT-2013-1001 · Postgresql+3
Published
2013-02-13
·
Updated
2024-06-15
·
CVE-2013-0255
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:L/Au:S/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
PostgreSQL versions 8.3.x through 8.3.23
PostgreSQL versions 8.4.x through 8.4.16
PostgreSQL versions 9.0.x through 9.0.12
PostgreSQL versions 9.1.x through 9.1.8
PostgreSQL versions 9.2.x through 9.2.3
Description
The issue is caused by an incorrect declaration of the enum_recv function in backend/utils/adt/enum.c, which allows remote authenticated users to cause a denial of service or read sensitive process memory via a crafted SQL command. The command triggers an array index error and an out-of-bounds read, which can crash the server.
Recommendations
For PostgreSQL versions 8.3.x through 8.3.23, update to a version later than 8.3.23 to resolve the issue.
For PostgreSQL versions 8.4.x through 8.4.16, update to a version later than 8.4.16 to resolve the issue.
For PostgreSQL versions 9.0.x through 9.0.12, update to a version later than 9.0.12 to resolve the issue.
For PostgreSQL versions 9.1.x through 9.1.8, update to a version later than 9.1.8 to resolve the issue.
For PostgreSQL versions 9.2.x through 9.2.3, update to a version later than 9.2.3 to resolve the issue.
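The affected ranges above are easy to misread when checking a fleet by hand, so here is an added example (not part of this advisory, and not PostgreSQL project code) that turns them into a version check. It parses either a bare version string or the text returned by `SELECT version()` and reports whether the release falls inside one of the five affected series. The series boundaries are taken from the advisory; the sample `version()` outputs are constructed for illustration.

```python
import re

# Affected series per the advisory: (major, minor) -> last affected patch level.
# Any release in a listed series with patch <= this value is affected;
# the next patch release of each series is the first fixed one.
AFFECTED_SERIES = {
    (8, 3): 23,
    (8, 4): 16,
    (9, 0): 12,
    (9, 1): 8,
    (9, 2): 3,
}

# Matches "9.2.3", "PostgreSQL 9.2.3 on ...", and two-component versions
# such as "10.4" (post-9.6 numbering has no third component).
_VERSION_RE = re.compile(r"(?:PostgreSQL\s+)?(\d+)\.(\d+)(?:\.(\d+))?", re.IGNORECASE)


def parse_version(text):
    """Return (major, minor, patch) from a bare version or SELECT version() output.
    A missing patch component is treated as 0. Returns None if nothing parses."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch) if patch is not None else 0)


def is_affected(text):
    """True if the version in `text` is inside an affected range from the advisory."""
    version = parse_version(text)
    if version is None:
        raise ValueError("no PostgreSQL version found in: %r" % text)
    series = (version[0], version[1])
    last_bad = AFFECTED_SERIES.get(series)
    return last_bad is not None and version[2] <= last_bad


def first_fixed(text):
    """Return the first fixed patch release for an affected version, else None."""
    version = parse_version(text)
    if version is None or not is_affected(text):
        return None
    series = (version[0], version[1])
    return "%d.%d.%d" % (series[0], series[1], AFFECTED_SERIES[series] + 1)


def triage(version_outputs):
    """Map host name -> (affected?, first fixed release) for a dict of
    host -> SELECT version() output."""
    return {host: (is_affected(out), first_fixed(out)) for host, out in version_outputs.items()}


if __name__ == "__main__":
    # Constructed sample outputs, as SELECT version() would return them.
    SAMPLE_HOSTS = {
        "db-a": "PostgreSQL 9.2.3 on x86_64-unknown-linux-gnu, compiled by gcc (GCC) 4.4.7, 64-bit",
        "db-b": "PostgreSQL 9.2.4 on x86_64-unknown-linux-gnu, compiled by gcc (GCC) 4.4.7, 64-bit",
        "db-c": "PostgreSQL 8.3.23 on i686-pc-linux-gnu, compiled by GCC gcc (GCC) 4.1.2",
        "db-d": "PostgreSQL 10.4 on x86_64-pc-linux-gnu, compiled by gcc (GCC) 4.8.5, 64-bit",
    }
    for host, (affected, fixed) in sorted(triage(SAMPLE_HOSTS).items()):
        print("%s: %s%s" % (host, "AFFECTED" if affected else "ok",
                            " (update to %s or later)" % fixed if affected else ""))
```

This check is only as good as the version string: distribution packages (the CentOS, Red Hat and SUSE builds listed under Affected Products) often backport the fix without bumping the upstream patch number, so for those hosts confirm against the vendor's package changelog rather than the number alone.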
Fix
DoS
RCE
Weakness Enumeration
Related Identifiers
Affected Products
Centos
Postgresql
Red Hat
Suse