CVE Vulnerabilities

CVE-2009-0922

Published: Mar 17, 2009 | Modified: Oct 10, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:N/I:N/A:P
RedHat/V2
4 LOW
AV:N/AC:L/Au:S/C:N/I:N/A:P
RedHat/V3
Ubuntu
MEDIUM

PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified encoding, as demonstrated using mismatched encoding conversion requests.

Affected Software

Name Vendor Start Version End Version
Postgresql Postgresql 7.4.24 (including) 7.4.24 (including)
Postgresql Postgresql 8.0.20 (including) 8.0.20 (including)
Postgresql Postgresql 8.1.16 (including) 8.1.16 (including)
Postgresql Postgresql 8.2.12 (including) 8.2.12 (including)
Postgresql Postgresql 8.3.6 (including) 8.3.6 (including)
Red Hat Enterprise Linux 4 RedHat postgresql-0:7.4.26-1.el4_8.1 *
Red Hat Enterprise Linux 5 RedHat postgresql-0:8.1.18-2.el5_4.1 *
Postgresql-7.4 Ubuntu dapper *
Postgresql-8.0 Ubuntu dapper *
Postgresql-8.0 Ubuntu upstream *
Postgresql-8.1 Ubuntu dapper *
Postgresql-8.1 Ubuntu gutsy *
Postgresql-8.1 Ubuntu upstream *
Postgresql-8.2 Ubuntu gutsy *
Postgresql-8.2 Ubuntu hardy *
Postgresql-8.2 Ubuntu upstream *
Postgresql-8.3 Ubuntu hardy *
Postgresql-8.3 Ubuntu intrepid *
Postgresql-8.3 Ubuntu upstream *

References