CVE-2014-0064

EUVD-2014-0157
Multiple integer overflows in the path_in and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, which trigger a buffer overflow.  NOTE: this identifier has been SPLIT due to different affected versions; use CVE-2014-2669 for the hstore vector.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
Affected Products (NVD)
VendorProductVersion
postgresqlpostgresql
𝑥
≤ 8.4.19
postgresqlpostgresql
8.4.1
postgresqlpostgresql
8.4.2
postgresqlpostgresql
8.4.3
postgresqlpostgresql
8.4.4
postgresqlpostgresql
8.4.5
postgresqlpostgresql
8.4.6
postgresqlpostgresql
8.4.7
postgresqlpostgresql
8.4.8
postgresqlpostgresql
8.4.9
postgresqlpostgresql
8.4.10
postgresqlpostgresql
8.4.11
postgresqlpostgresql
8.4.12
postgresqlpostgresql
8.4.13
postgresqlpostgresql
8.4.14
postgresqlpostgresql
8.4.15
postgresqlpostgresql
8.4.16
postgresqlpostgresql
8.4.17
postgresqlpostgresql
8.4.18
postgresqlpostgresql
9.0
postgresqlpostgresql
9.0.1
postgresqlpostgresql
9.0.2
postgresqlpostgresql
9.0.3
postgresqlpostgresql
9.0.4
postgresqlpostgresql
9.0.5
postgresqlpostgresql
9.0.6
postgresqlpostgresql
9.0.7
postgresqlpostgresql
9.0.8
postgresqlpostgresql
9.0.9
postgresqlpostgresql
9.0.10
postgresqlpostgresql
9.0.11
postgresqlpostgresql
9.0.12
postgresqlpostgresql
9.0.13
postgresqlpostgresql
9.0.14
postgresqlpostgresql
9.0.15
postgresqlpostgresql
9.1
postgresqlpostgresql
9.1.1
postgresqlpostgresql
9.1.2
postgresqlpostgresql
9.1.3
postgresqlpostgresql
9.1.4
postgresqlpostgresql
9.1.5
postgresqlpostgresql
9.1.6
postgresqlpostgresql
9.1.7
postgresqlpostgresql
9.1.8
postgresqlpostgresql
9.1.9
postgresqlpostgresql
9.1.10
postgresqlpostgresql
9.1.11
postgresqlpostgresql
9.2
postgresqlpostgresql
9.2.1
postgresqlpostgresql
9.2.2
postgresqlpostgresql
9.2.3
postgresqlpostgresql
9.2.4
postgresqlpostgresql
9.2.5
postgresqlpostgresql
9.2.6
postgresqlpostgresql
9.3
postgresqlpostgresql
9.3.1
postgresqlpostgresql
9.3.2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
postgresql-8.4
lucid
Fixed 8.4.20-0ubuntu010.04
released
precise
Fixed 8.4.22-0ubuntu0.12.04
released
quantal
dne
saucy
dne
trusty
dne
utopic
dne
postgresql-9.1
lucid
dne
precise
Fixed 9.1.12-0ubuntu0.12.04
released
quantal
Fixed 9.1.12-0ubuntu0.12.10
released
saucy
Fixed 9.1.12-0ubuntu0.13.10
released
trusty
Fixed 9.1.12-1
released
utopic
dne
postgresql-9.3
lucid
dne
precise
dne
quantal
dne
saucy
dne
trusty
Fixed 9.3.3-1
released
utopic
dne
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://lists.opensuse.org/opensuse-updates/2014-03/msg00018.html
http://lists.opensuse.org/opensuse-updates/2014-03/msg00038.html
http://rhn.redhat.com/errata/RHSA-2014-0211.html
http://rhn.redhat.com/errata/RHSA-2014-0221.html
http://rhn.redhat.com/errata/RHSA-2014-0249.html
http://rhn.redhat.com/errata/RHSA-2014-0469.html
http://secunia.com/advisories/61307
http://support.apple.com/kb/HT6448
http://wiki.postgresql.org/wiki/20140220securityrelease
http://www.debian.org/security/2014/dsa-2864
http://www.debian.org/security/2014/dsa-2865
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.postgresql.org/about/news/1506/
http://www.postgresql.org/support/security/
http://www.securityfocus.com/bid/65725
http://www.ubuntu.com/usn/USN-2120-1
https://bugzilla.redhat.com/show_bug.cgi?id=1065230
https://github.com/postgres/postgres/commit/31400a673325147e1205326008e32135a78b4d8a
https://support.apple.com/kb/HT6536
http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://lists.opensuse.org/opensuse-updates/2014-03/msg00018.html
http://lists.opensuse.org/opensuse-updates/2014-03/msg00038.html
http://rhn.redhat.com/errata/RHSA-2014-0211.html
http://rhn.redhat.com/errata/RHSA-2014-0221.html
http://rhn.redhat.com/errata/RHSA-2014-0249.html
http://rhn.redhat.com/errata/RHSA-2014-0469.html
http://secunia.com/advisories/61307
http://support.apple.com/kb/HT6448
http://wiki.postgresql.org/wiki/20140220securityrelease
http://www.debian.org/security/2014/dsa-2864
http://www.debian.org/security/2014/dsa-2865
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.postgresql.org/about/news/1506/
http://www.postgresql.org/support/security/
http://www.securityfocus.com/bid/65725
http://www.ubuntu.com/usn/USN-2120-1
https://bugzilla.redhat.com/show_bug.cgi?id=1065230
https://github.com/postgres/postgres/commit/31400a673325147e1205326008e32135a78b4d8a
https://support.apple.com/kb/HT6536