CVE-2009-0922

Published: 17 Mar 2009
Source: nvd
CVSS2: 4
EPSS: Low

Description

PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified encoding, as demonstrated using mismatched encoding conversion requests.

Comment

Per: https://bugzilla.redhat.com/show_bug.cgi?id=488156

"PostgreSQL allows remote authenticated users to cause a momentary denial of service (crash due to stack consumption) when there is a failure to convert a localized error message to the client-specified encoding. In releases 8.3.6, 8.2.12, 8.1.16, 8.0.20, and 7.4.24, a trivial misconfiguration is sufficient to provoke a crash. In older releases it is necessary to select a locale and client encoding for which specific messages fail to translate, and so a given installation may or may not be vulnerable depending on the administrator-determined locale setting.

Releases 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 are secure against all known variants of this issue."

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:postgresql:postgresql:7.4.24:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.20:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.1.16:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.2.12:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.3.6:*:*:*:*:*:*:*

EPSS

Percentile: 92%
0.08643
Low

CVSS2: 4 Medium

Weaknesses

CWE-399

Related vulnerabilities

ubuntu
more than 16 years ago

PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified encoding, as demonstrated using mismatched encoding conversion requests.

redhat
more than 16 years ago

PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified encoding, as demonstrated using mismatched encoding conversion requests.

debian
more than 16 years ago

PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows rem ...

github
about 3 years ago

PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified encoding, as demonstrated using mismatched encoding conversion requests.

oracle-oval
more than 15 years ago

ELSA-2009-1484: postgresql security update (MODERATE)
