CVE-2014-2669

Name of the Vulnerable Software and Affected Versions PostgreSQL versions 9.0.x through 9.0.15 PostgreSQL versions 9.1.x through 9.1.11 PostgreSQL versions 9.2.x through 9.2.6 PostgreSQL versions 9.3.x through 9.3.2

Description The issue is caused by multiple integer overflows in the contrib/hstore/hstore io.c file, which can be exploited by remote authenticated users. The overflows are related to the hstore recv, hstore from arrays, and hstore from array functions in contrib/hstore/hstore io.c, as well as the hstoreArrayToPairs function in contrib/hstore/hstore op.c. This can trigger a buffer overflow, allowing attackers to have an unspecified impact.

Recommendations For PostgreSQL versions 9.0.x through 9.0.15, update to version 9.0.16 or later. For PostgreSQL versions 9.1.x through 9.1.11, update to version 9.1.12 or later. For PostgreSQL versions 9.2.x through 9.2.6, update to version 9.2.7 or later. For PostgreSQL versions 9.3.x through 9.3.2, update to version 9.3.3 or later.