CVE-2007-4769

Name of the Vulnerable Software and Affected Versions PostgreSQL versions 7.4 through 7.4.18 PostgreSQL versions 8.0 through 8.0.14 PostgreSQL versions 8.1 through 8.1.10 PostgreSQL versions 8.2 through 8.2.5 TCL versions prior to 8.4.17

Description The issue is related to the regular expression parser, which allows remote authenticated users to cause a denial of service, potentially leading to a backend crash. Additionally, vulnerabilities in the regular expression handling libraries can be exploited to cause a backend crash, infinite loops, or memory exhaustion. This can be achieved through frontend applications that allow unfiltered regular expressions to be passed in queries.

Recommendations For PostgreSQL versions 7.4 through 7.4.18, update to version 7.4.19 or later. For PostgreSQL versions 8.0 through 8.0.14, update to version 8.0.15 or later. For PostgreSQL versions 8.1 through 8.1.10, update to version 8.1.11 or later. For PostgreSQL versions 8.2 through 8.2.5, update to version 8.2.6 or later. For TCL versions prior to 8.4.17, update to version 8.4.17 or later. As a temporary workaround, consider restricting access to frontend applications that allow unfiltered regular expressions to be passed in queries until a patch is available.