CVE - CVE-2010-0442

CVE-ID
CVE-2010-0442	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service (daemon crash) or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT statement that contains a call to the substring function for a bit string, related to an "overflow."
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1023510 URL:http://securitytracker.com/id?1023510 MISC:37973 URL:http://www.securityfocus.com/bid/37973 MISC:39566 URL:http://secunia.com/advisories/39566 MISC:39820 URL:http://secunia.com/advisories/39820 MISC:39939 URL:http://secunia.com/advisories/39939 MISC:ADV-2010-1022 URL:~~http://www.vupen.com/english/advisories/2010/1022~~ (Obsolete source) MISC:ADV-2010-1197 URL:~~http://www.vupen.com/english/advisories/2010/1197~~ (Obsolete source) MISC:ADV-2010-1207 URL:~~http://www.vupen.com/english/advisories/2010/1207~~ (Obsolete source) MISC:ADV-2010-1221 URL:~~http://www.vupen.com/english/advisories/2010/1221~~ (Obsolete source) MISC:DSA-2051 URL:http://www.debian.org/security/2010/dsa-2051 MISC:MDVSA-2010:103 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2010:103~~ (Obsolete source) MISC:RHSA-2010:0427 URL:http://www.redhat.com/support/errata/RHSA-2010-0427.html MISC:RHSA-2010:0428 URL:http://www.redhat.com/support/errata/RHSA-2010-0428.html MISC:RHSA-2010:0429 URL:http://www.redhat.com/support/errata/RHSA-2010-0429.html MISC:USN-933-1 URL:http://ubuntu.com/usn/usn-933-1 MISC:[oss-security] 20100127 Re: CVE id request: postgresql bitsubstr overflow URL:http://www.openwall.com/lists/oss-security/2010/01/27/5 MISC:[pgsql-committers] 20100107 pgsql: Make bit/varbit substring() treat any negative length as meaning URL:http://archives.postgresql.org/pgsql-committers/2010-01/msg00125.php MISC:[pgsql-hackers] 20100107 Re: Patch: Allow substring/replace() to get/set bit values URL:http://archives.postgresql.org/pgsql-hackers/2010-01/msg00634.php MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567058 URL:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567058 MISC:http://git.postgresql.org/gitweb?p=postgresql.git%3Ba=commit%3Bh=75dea10196c31d98d98c0bafeeb576ae99c09b12 URL:http://git.postgresql.org/gitweb?p=postgresql.git%3Ba=commit%3Bh=75dea10196c31d98d98c0bafeeb576ae99c09b12 MISC:http://git.postgresql.org/gitweb?p=postgresql.git%3Ba=commit%3Bh=b15087cb39ca9e4bde3c8920fcee3741045d2b83 URL:http://git.postgresql.org/gitweb?p=postgresql.git%3Ba=commit%3Bh=b15087cb39ca9e4bde3c8920fcee3741045d2b83 MISC:http://intevydis.blogspot.com/2010/01/postgresql-8023-bitsubstr-overflow.html URL:http://intevydis.blogspot.com/2010/01/postgresql-8023-bitsubstr-overflow.html MISC:https://bugzilla.redhat.com/show_bug.cgi?id=559194 URL:https://bugzilla.redhat.com/show_bug.cgi?id=559194 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=559259 URL:https://bugzilla.redhat.com/show_bug.cgi?id=559259 MISC:oval:org.mitre.oval:def:9720 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9720 MISC:postgresql-substring-bo(55902) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/55902
Assigning CNA
Red Hat, Inc.
Date Record Created
20100127	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20100127)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)