PostgreSQL · PostgreSQL · CVE-2010-0442
**Name of the Vulnerable Software and Affected Versions**
PostgreSQL versions 8.0.23 through 8.3.8
**Description**
The issue allows remote authenticated users to cause a denial of service or have unspecified other impact via vectors involving a negative integer in the third argument of the `bitsubstr` function in `backend/utils/adt/varbit.c`, as demonstrated by a SELECT statement that contains a call to the `substring` function for a bit string, related to an "overflow."
**Recommendations**
For versions 8.0.23, 8.1.11, and 8.3.8, consider disabling the `bitsubstr` function in `backend/utils/adt/varbit.c` to prevent exploitation until a patch is available.
Restrict access to the `substring` function for bit strings to minimize the risk of denial of service or other impacts.
Avoid using negative integers in the third argument of the `bitsubstr` function to prevent potential overflows.
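
The check that the last recommendation implies, as an added illustration that is not PostgreSQL's code or its patch: the length argument is refused when negative, and `start + length` is computed in 64 bits so it cannot wrap. The names `bit_range` and `checked_bit_range` are hypothetical, and SQL's 1-based substring positions are assumed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Validated 1-based range inside a bit string of bitlen bits. */
typedef struct {
    bool    ok;     /* false: reject the request outright */
    int32_t first;  /* 1-based index of the first bit to copy */
    int32_t nbits;  /* bits to copy; 0 means an empty result */
} bit_range;

/*
 * Hypothetical helper, not PostgreSQL's code or patch: map a
 * substring(bits, start, length) request onto [1, bitlen].
 */
bit_range checked_bit_range(int32_t bitlen, int32_t start, int32_t length)
{
    bit_range r = { false, 0, 0 };

    /* A negative length is refused before it reaches any arithmetic. */
    if (bitlen < 0 || length < 0)
        return r;

    /* 64-bit sum: start + length cannot wrap for any int32 inputs. */
    int64_t end   = (int64_t) start + (int64_t) length;  /* exclusive */
    int64_t first = start < 1 ? 1 : start;
    int64_t limit = (int64_t) bitlen + 1;
    if (end > limit)
        end = limit;

    r.ok = true;
    if (first > bitlen || end <= first)
        return r;                       /* valid request, empty result */

    r.first = (int32_t) first;
    r.nbits = (int32_t) (end - first);
    return r;
}

int main(void)
{
    /* Constructed inputs: an 8-bit string, a normal and a negative length. */
    bit_range a = checked_bit_range(8, 3, 4);
    bit_range b = checked_bit_range(8, 1, -1);
    printf("ok=%d first=%d nbits=%d\n", a.ok, a.first, a.nbits);
    printf("ok=%d\n", b.ok);
    return 0;
}
```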