CVE-2013-0255

EUVD-2013-0286

13.02.2013, 01:55

PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, which causes it to be invoked with incorrect arguments and allows remote authenticated users to cause a denial of service (server crash) or read sensitive process memory via a crafted SQL command, which triggers an array index error and an out-of-bounds read.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.8 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:S/C:N/I:N/A:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 87%

Affected Products (NVD)

Vendor	Product	Version
postgresql	postgresql	8.3
postgresql	postgresql	8.3.1
postgresql	postgresql	8.3.2
postgresql	postgresql	8.3.3
postgresql	postgresql	8.3.4
postgresql	postgresql	8.3.5
postgresql	postgresql	8.3.6
postgresql	postgresql	8.3.7
postgresql	postgresql	8.3.8
postgresql	postgresql	8.3.9
postgresql	postgresql	8.3.10
postgresql	postgresql	8.3.11
postgresql	postgresql	8.3.12
postgresql	postgresql	8.3.13
postgresql	postgresql	8.3.14
postgresql	postgresql	8.3.15
postgresql	postgresql	8.3.16
postgresql	postgresql	8.3.17
postgresql	postgresql	8.3.18
postgresql	postgresql	8.3.19
postgresql	postgresql	8.3.20
postgresql	postgresql	8.3.21
postgresql	postgresql	8.3.22
postgresql	postgresql	8.4
postgresql	postgresql	8.4.1
postgresql	postgresql	8.4.2
postgresql	postgresql	8.4.3
postgresql	postgresql	8.4.4
postgresql	postgresql	8.4.5
postgresql	postgresql	8.4.6
postgresql	postgresql	8.4.7
postgresql	postgresql	8.4.8
postgresql	postgresql	8.4.9
postgresql	postgresql	8.4.10
postgresql	postgresql	8.4.11
postgresql	postgresql	8.4.12
postgresql	postgresql	8.4.13
postgresql	postgresql	8.4.14
postgresql	postgresql	8.4.15
postgresql	postgresql	9.0
postgresql	postgresql	9.0.1
postgresql	postgresql	9.0.2
postgresql	postgresql	9.0.3
postgresql	postgresql	9.0.4
postgresql	postgresql	9.0.5
postgresql	postgresql	9.0.6
postgresql	postgresql	9.0.7
postgresql	postgresql	9.0.8
postgresql	postgresql	9.0.9
postgresql	postgresql	9.0.10
postgresql	postgresql	9.0.11
postgresql	postgresql	9.1
postgresql	postgresql	9.1.1
postgresql	postgresql	9.1.2
postgresql	postgresql	9.1.3
postgresql	postgresql	9.1.4
postgresql	postgresql	9.1.5
postgresql	postgresql	9.1.6
postgresql	postgresql	9.1.7

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

postgresql-8.2

hardy	ignored
lucid	dne
oneiric	dne
precise	dne
quantal	dne
raring	dne

postgresql-8.3

hardy	Fixed 8.3.23-0ubuntu8.04 released
lucid	dne
oneiric	dne
precise	dne
quantal	dne
raring	dne

postgresql-8.4

hardy	dne
lucid	Fixed 8.4.16-0ubuntu10.04 released
oneiric	ignored
precise	Fixed 8.4.16-0ubuntu12.04 released
quantal	dne
raring	dne

postgresql-9.1

hardy	dne
lucid	dne
oneiric	Fixed 9.1.8-0ubuntu11.10 released
precise	Fixed 9.1.8-0ubuntu12.04 released
quantal	Fixed 9.1.8-0ubuntu12.10 released
raring	not-affected