PostgreSQL 'intarray' Module 'gettoken()' Buffer Overflow Vulnerability Network Vulnerability

Summary

PostgreSQL is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. The issue affects the 'intarray' module. An authenticated attacker can leverage this issue to execute arbitrary code within the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition. The issue affect versions prior to 8.2.20, 8.3.14, 8.4.7, and 9.0.3.

Solution

Updates are available. Please see the references for more information.

References

http://www.postgresql.org/
http://www.postgresql.org/about/news.1289
https://www.securityfocus.com/bid/46084

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-4015
CVSS Base Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

Related Vulnerabilities

PostgreSQL Multiple Integer Overflow Vulnerabilities July14 (Windows)
Oracle MySQL Multiple Unspecified vulnerabilities - 02 Jan14 (Windows)
Oracle MySQL Multiple Unspecified vulnerabilities - 01 May14 (Windows)
Oracle MySQL Multiple Unspecified vulnerabilities - 04 May14 (Windows)
Oracle MySQL Server Multiple Vulnerabilities-04 Nov12 (Windows)

Take action and discover your vulnerabilities