CVE-2005-0245: Buffer Overflow
First published: Tue Feb 01 2005(Updated: )
Buffer overflow in gram.y for PostgreSQL 8.0.0 and earlier may allow attackers to execute arbitrary code via a large number of arguments to a refcursor function (gram.y), which leads to a heap-based buffer overflow, a different vulnerability than CVE-2005-0247.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PostgreSQL Common | >=7.3<7.3.10 | |
| PostgreSQL Common | >=7.4<7.4.7 | |
| PostgreSQL Common | =8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://archives.postgresql.org/pgsql-patches/2005-01/msg00216.php
- http://archives.postgresql.org/pgsql-committers/2005-01/msg00298.php
- http://archives.postgresql.org/pgsql-committers/2005-02/msg00049.php
- http://www.debian.org/security/2005/dsa-683
- http://www.redhat.com/support/errata/RHSA-2005-138.html
- http://www.redhat.com/support/errata/RHSA-2005-150.html
- http://secunia.com/advisories/12948
- http://www.novell.com/linux/security/advisories/2005_36_sudo.html
- http://www.securityfocus.com/bid/12417
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:040
- http://marc.info/?l=bugtraq&m=110806034116082&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19188
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10175
Frequently Asked Questions
What is the severity of CVE-2005-0245?
CVE-2005-0245 has a high severity rating due to its potential to allow arbitrary code execution through a buffer overflow.
How do I fix CVE-2005-0245?
To fix CVE-2005-0245, upgrade your PostgreSQL installation to version 8.0.1 or later, as it includes patches for this vulnerability.
Which versions of PostgreSQL are affected by CVE-2005-0245?
CVE-2005-0245 affects PostgreSQL versions 8.0.0 and earlier, along with versions 7.3.x and 7.4.x below 7.4.8.
What type of vulnerability is CVE-2005-0245?
CVE-2005-0245 is classified as a buffer overflow vulnerability that can lead to heap-based execution of arbitrary code.
How can attackers exploit CVE-2005-0245?
Attackers can exploit CVE-2005-0245 by providing a large number of arguments to a refcursor function, triggering the buffer overflow.
- agent/type
- agent/first-publish-date
- agent/remedy
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/postgresql
- canonical/postgresql common
- version/postgresql common/7.3
- version/postgresql common/7.4
- version/postgresql common/8.0