CVE-2014-2669

Multiple integer overflows in contrib/hstore/hstore_io.c in PostgreSQL 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact via vectors related to the (1) hstore_recv, (2) hstore_from_arrays, and (3) hstore_from_array functions in contrib/hstore/hstore_io.c; and the (4) hstoreArrayToPairs function in contrib/hstore/hstore_op.c, which triggers a buffer overflow. NOTE: this issue was SPLIT from CVE-2014-0064 because it has a different set of affected versions.

Affected Software

Name	Vendor	Start Version	End Version
Postgresql	Postgresql	9.0 (including)	9.0 (including)
Postgresql	Postgresql	9.0.1 (including)	9.0.1 (including)
Postgresql	Postgresql	9.0.2 (including)	9.0.2 (including)
Postgresql	Postgresql	9.0.3 (including)	9.0.3 (including)
Postgresql	Postgresql	9.0.4 (including)	9.0.4 (including)
Postgresql	Postgresql	9.0.5 (including)	9.0.5 (including)
Postgresql	Postgresql	9.0.6 (including)	9.0.6 (including)
Postgresql	Postgresql	9.0.7 (including)	9.0.7 (including)
Postgresql	Postgresql	9.0.8 (including)	9.0.8 (including)
Postgresql	Postgresql	9.0.9 (including)	9.0.9 (including)
Postgresql	Postgresql	9.0.10 (including)	9.0.10 (including)
Postgresql	Postgresql	9.0.11 (including)	9.0.11 (including)
Postgresql	Postgresql	9.0.12 (including)	9.0.12 (including)
Postgresql	Postgresql	9.0.13 (including)	9.0.13 (including)
Postgresql	Postgresql	9.0.14 (including)	9.0.14 (including)
Postgresql	Postgresql	9.0.15 (including)	9.0.15 (including)
Postgresql	Postgresql	9.1 (including)	9.1 (including)
Postgresql	Postgresql	9.1.1 (including)	9.1.1 (including)
Postgresql	Postgresql	9.1.2 (including)	9.1.2 (including)
Postgresql	Postgresql	9.1.3 (including)	9.1.3 (including)
Postgresql	Postgresql	9.1.4 (including)	9.1.4 (including)
Postgresql	Postgresql	9.1.5 (including)	9.1.5 (including)
Postgresql	Postgresql	9.1.6 (including)	9.1.6 (including)
Postgresql	Postgresql	9.1.7 (including)	9.1.7 (including)
Postgresql	Postgresql	9.1.8 (including)	9.1.8 (including)
Postgresql	Postgresql	9.1.9 (including)	9.1.9 (including)
Postgresql	Postgresql	9.1.10 (including)	9.1.10 (including)
Postgresql	Postgresql	9.1.11 (including)	9.1.11 (including)
Postgresql	Postgresql	9.2 (including)	9.2 (including)
Postgresql	Postgresql	9.2.1 (including)	9.2.1 (including)
Postgresql	Postgresql	9.2.2 (including)	9.2.2 (including)
Postgresql	Postgresql	9.2.3 (including)	9.2.3 (including)
Postgresql	Postgresql	9.2.4 (including)	9.2.4 (including)
Postgresql	Postgresql	9.2.5 (including)	9.2.5 (including)
Postgresql	Postgresql	9.3 (including)	9.3 (including)
Postgresql	Postgresql	9.3.1 (including)	9.3.1 (including)
Postgresql	Postgresql	9.3.2 (including)	9.3.2 (including)
CloudForms Management Engine 5.x	RedHat	cfme-0:5.2.3.2-1.el6cf	*
CloudForms Management Engine 5.x	RedHat	postgresql92-postgresql-0:9.2.7-1.1.el6	*
CloudForms Management Engine 5.x	RedHat	prince-0:9.0r2-4.el6cf	*
CloudForms Management Engine 5.x	RedHat	ruby193-rubygem-actionpack-1:3.2.13-6.el6cf	*
Red Hat Software Collections for RHEL-6	RedHat	postgresql92-postgresql-0:9.2.7-1.1.el6	*
Postgresql-8.4	Ubuntu	lucid	*
Postgresql-8.4	Ubuntu	precise	*
Postgresql-8.4	Ubuntu	upstream	*
Postgresql-9.1	Ubuntu	precise	*
Postgresql-9.1	Ubuntu	quantal	*
Postgresql-9.1	Ubuntu	saucy	*
Postgresql-9.1	Ubuntu	trusty	*
Postgresql-9.1	Ubuntu	upstream	*
Postgresql-9.3	Ubuntu	upstream	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-2669
CWE	https://cwe.mitre.org/data/definitions/189.html

Affected Software

References