Description

The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service (daemon crash) or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT statement that contains a call to the substring function for a bit string, related to an "overflow."

Remediation

References

CVE-2010-0442

Related Vulnerabilities

MySQL CVE-2015-4769 Vulnerability (CVE-2015-4769)

WordPress Plugin Merge+Minify+Refresh Cross-Site Request Forgery (1.10.6)

Drupal Core 8.3.0 Security Bypass (8.3.0)

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress Cross-Site Scripting (3.5.8.1)

WordPress Plugin WP-Live Chat by 3CX Cross-Site Scripting (6.2.03)

Severity

Medium

Classification

CVE-2010-0442

Tags

Missing Update Known Vulnerabilities