PT-2009-3509 · Postgresql+1 · Postgresql+1
Vincent Danen
·
Published
2009-03-17
·
Updated
2018-10-10
·
CVE-2009-0922
CVSS v2.0
4.0
Medium
| Vector | AV:N/AC:L/Au:S/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
PostgreSQL versions prior to 8.3.7
PostgreSQL versions prior to 8.2.13
PostgreSQL versions prior to 8.1.17
PostgreSQL versions prior to 8.0.21
PostgreSQL versions prior to 7.4.25
Description
The issue allows remote authenticated users to cause a denial of service by triggering a failure in the conversion of a localized error message to a client-specified encoding. This can lead to stack consumption and a crash. A valid login is required to exploit this issue.
Recommendations
For versions prior to 8.3.7, update to version 8.3.7 or later.
For versions prior to 8.2.13, update to version 8.2.13 or later.
For versions prior to 8.1.17, update to version 8.1.17 or later.
For versions prior to 8.0.21, update to version 8.0.21 or later.
For versions prior to 7.4.25, update to version 7.4.25 or later.
Exploit
Fix
DoS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Postgresql
Red Hat