CVE - CVE-2010-0442

CVE-ID
CVE-2010-0442	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service (daemon crash) or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT statement that contains a call to the substring function for a bit string, related to an "overflow."
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MLIST:[oss-security] 20100127 Re: CVE id request: postgresql bitsubstr overflow URL:http://www.openwall.com/lists/oss-security/2010/01/27/5 MLIST:[pgsql-committers] 20100107 pgsql: Make bit/varbit substring() treat any negative length as meaning URL:http://archives.postgresql.org/pgsql-committers/2010-01/msg00125.php MLIST:[pgsql-hackers] 20100107 Re: Patch: Allow substring/replace() to get/set bit values URL:http://archives.postgresql.org/pgsql-hackers/2010-01/msg00634.php MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567058 MISC:http://intevydis.blogspot.com/2010/01/postgresql-8023-bitsubstr-overflow.html CONFIRM:http://git.postgresql.org/gitweb?p=postgresql.git;a=commit;h=75dea10196c31d98d98c0bafeeb576ae99c09b12 CONFIRM:http://git.postgresql.org/gitweb?p=postgresql.git;a=commit;h=b15087cb39ca9e4bde3c8920fcee3741045d2b83 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=559194 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=559259 DEBIAN:DSA-2051 URL:http://www.debian.org/security/2010/dsa-2051 MANDRIVA:MDVSA-2010:103 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:103 REDHAT:RHSA-2010:0427 URL:http://www.redhat.com/support/errata/RHSA-2010-0427.html REDHAT:RHSA-2010:0428 URL:http://www.redhat.com/support/errata/RHSA-2010-0428.html REDHAT:RHSA-2010:0429 URL:http://www.redhat.com/support/errata/RHSA-2010-0429.html UBUNTU:USN-933-1 URL:http://ubuntu.com/usn/usn-933-1 BID:37973 URL:http://www.securityfocus.com/bid/37973 OVAL:oval:org.mitre.oval:def:9720 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9720 SECTRACK:1023510 URL:http://securitytracker.com/id?1023510 SECUNIA:39566 URL:http://secunia.com/advisories/39566 SECUNIA:39820 URL:http://secunia.com/advisories/39820 SECUNIA:39939 URL:http://secunia.com/advisories/39939 VUPEN:ADV-2010-1022 URL:http://www.vupen.com/english/advisories/2010/1022 VUPEN:ADV-2010-1207 URL:http://www.vupen.com/english/advisories/2010/1207 VUPEN:ADV-2010-1197 URL:http://www.vupen.com/english/advisories/2010/1197 VUPEN:ADV-2010-1221 URL:http://www.vupen.com/english/advisories/2010/1221 XF:postgresql-substring-bo(55902) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/55902
Assigning CNA
N/A
Date Entry Created
20100127	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20100127)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org