PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified encoding, as demonstrated using mismatched encoding conversion requests.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Postgresql | Postgresql | 7.4.24 (including) | 7.4.24 (including) |
Postgresql | Postgresql | 8.0.20 (including) | 8.0.20 (including) |
Postgresql | Postgresql | 8.1.16 (including) | 8.1.16 (including) |
Postgresql | Postgresql | 8.2.12 (including) | 8.2.12 (including) |
Postgresql | Postgresql | 8.3.6 (including) | 8.3.6 (including) |
Red Hat Enterprise Linux 4 | RedHat | postgresql-0:7.4.26-1.el4_8.1 | * |
Red Hat Enterprise Linux 5 | RedHat | postgresql-0:8.1.18-2.el5_4.1 | * |
Postgresql-7.4 | Ubuntu | dapper | * |
Postgresql-8.0 | Ubuntu | dapper | * |
Postgresql-8.0 | Ubuntu | upstream | * |
Postgresql-8.1 | Ubuntu | dapper | * |
Postgresql-8.1 | Ubuntu | gutsy | * |
Postgresql-8.1 | Ubuntu | upstream | * |
Postgresql-8.2 | Ubuntu | gutsy | * |
Postgresql-8.2 | Ubuntu | hardy | * |
Postgresql-8.2 | Ubuntu | upstream | * |
Postgresql-8.3 | Ubuntu | hardy | * |
Postgresql-8.3 | Ubuntu | intrepid | * |
Postgresql-8.3 | Ubuntu | upstream | * |