ID CVE-2002-1397
Summary Vulnerability in the cash_words() function for PostgreSQL 7.2 and earlier allows local users to cause a denial of service and possibly execute arbitrary code via a large negative argument, possibly triggering an integer signedness error or buffer overflow.
References
Vulnerable Configurations
  • cpe:2.3:a:postgresql:postgresql:6.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:6.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:6.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:6.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:7.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:7.1:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:7.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:7.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:7.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:7.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:7.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:7.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:7.2:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:7.2:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 11-07-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
rhsa
id RHSA-2003:001
refmap via4
bid 5497
bugtraq 20020819 @(#) Mordred Labs advisory 0x0001: Buffer overflow in PostgreSQL
conectiva CLA-2002:524
misc http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/backend/utils/adt/cash.c.diff?r1=1.51&r2=1.52
secunia 8034
xf postgresql-cashwords-bo(9891)
Last major update 11-07-2017 - 01:29
Published 17-01-2003 - 05:00
Last modified 11-07-2017 - 01:29
Back to Top