Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2007-0556

Опубликовано: 06 фев. 2007
Источник: nvd
CVSS2: 6.6
EPSS Низкий

Описание

The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content via an "ALTER COLUMN TYPE" SQL statement, which can be leveraged to read arbitrary memory from the server.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:postgresql:postgresql:1.0:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:1.01:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:1.02:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:1.09:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:6.0:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:6.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:6.1.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:6.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:6.2.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:6.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:6.3.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:6.3.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:6.4:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:6.4.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:6.4.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:6.5:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:6.5.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:6.5.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:6.5.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.0:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.1.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.1.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.1.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.2.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.2.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.2.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.2.4:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.2.5:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.2.6:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.2.7:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.2.8:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.4:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.5:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.6:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.7:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.8:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.9:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.10:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.11:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.12:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.13:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.14:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.15:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.16:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.17:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.18:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.4:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.5:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.6:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.7:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.8:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.9:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.10:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.11:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.12:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.13:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.14:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.15:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.16:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.4:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.5:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.7:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.8:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.9:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.10:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.1.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.1.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.1.4:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.1.5:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.1.6:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.2.1:*:*:*:*:*:*:*

EPSS

Процентиль: 82%
0.01918
Низкий

6.6 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

ubuntu логотип

CVE-2007-0556

ubuntu
больше 18 лет назад

The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content via an "ALTER COLUMN TYPE" SQL statement, which can be leveraged to read arbitrary memory from the server.

redhat логотип

CVE-2007-0556

redhat
больше 18 лет назад

The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content via an "ALTER COLUMN TYPE" SQL statement, which can be leveraged to read arbitrary memory from the server.

debian логотип

CVE-2007-0556

debian
больше 18 лет назад

The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8 ...

github логотип

GHSA-c63f-g8cg-38ww

github
около 3 лет назад

The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content via an "ALTER COLUMN TYPE" SQL statement, which can be leveraged to read arbitrary memory from the server.

oracle-oval логотип

ELSA-2007-0336

oracle-oval
около 18 лет назад

ELSA-2007-0336: Moderate: postgresql security update (MODERATE)

EPSS

Процентиль: 82%
0.01918
Низкий

6.6 Medium

CVSS2

Дефекты

NVD-CWE-Other