PT-2010-2206 · Postgresql+1

David Kovalsky · Published 2010-02-02 · Updated 2023-02-24 · CVE-2010-0442

CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: PostgreSQL versions 8.0.23 through 8.3.8

Description: The issue allows remote authenticated users to cause a denial of service or have unspecified other impact via vectors involving a negative integer in the third argument of the bitsubstr function in backend/utils/adt/varbit.c, as demonstrated by a SELECT statement that contains a call to the substring function for a bit string, related to an "overflow."

Recommendations: For versions 8.0.23, 8.1.11, and 8.3.8, consider disabling the bitsubstr function in backend/utils/adt/varbit.c to prevent exploitation until a patch is available. Restrict access to the substring function for bit strings to minimize the risk of denial of service or other impacts. Avoid using negative integers in the third argument of the bitsubstr function to prevent potential overflows.

Tags: Exploit · Fix · DoS


Related Identifiers

CVE-2010-0442
DSA-2051-1
RHSA-2010:0427
RHSA-2010:0428
RHSA-2010:0429
RHSA-2010_0428
RHSA-2010_0429

Affected Products

Postgresql
Red Hat