First published: Wed Jan 09 2008
The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
PostgreSQL | =7.3 | |
PostgreSQL | =7.3.1 | |
PostgreSQL | =7.3.2 | |
PostgreSQL | =7.3.3 | |
PostgreSQL | =7.3.4 | |
PostgreSQL | =7.3.6 | |
PostgreSQL | =7.3.8 | |
PostgreSQL | =7.3.9 | |
PostgreSQL | =7.3.10 | |
PostgreSQL | =7.3.11 | |
PostgreSQL | =7.3.12 | |
PostgreSQL | =7.3.13 | |
PostgreSQL | =7.3.14 | |
PostgreSQL | =7.3.15 | |
PostgreSQL | =7.3.16 | |
PostgreSQL | =7.3.19 | |
PostgreSQL | =7.4 | |
PostgreSQL | =7.4.1 | |
PostgreSQL | =7.4.2 | |
PostgreSQL | =7.4.3 | |
PostgreSQL | =7.4.4 | |
PostgreSQL | =7.4.5 | |
PostgreSQL | =7.4.6 | |
PostgreSQL | =7.4.7 | |
PostgreSQL | =7.4.8 | |
PostgreSQL | =7.4.9 | |
PostgreSQL | =7.4.10 | |
PostgreSQL | =7.4.11 | |
PostgreSQL | =7.4.12 | |
PostgreSQL | =7.4.13 | |
PostgreSQL | =7.4.14 | |
PostgreSQL | =7.4.16 | |
PostgreSQL | =7.4.17 | |
PostgreSQL | =8.0 | |
PostgreSQL | =8.0.1 | |
PostgreSQL | =8.0.2 | |
PostgreSQL | =8.0.3 | |
PostgreSQL | =8.0.4 | |
PostgreSQL | =8.0.5 | |
PostgreSQL | =8.0.7 | |
PostgreSQL | =8.0.8 | |
PostgreSQL | =8.0.9 | |
PostgreSQL | =8.0.11 | |
PostgreSQL | =8.0.13 | |
PostgreSQL | =8.0.317 | |
PostgreSQL | =8.1.1 | |
PostgreSQL | =8.1.3 | |
PostgreSQL | =8.1.4 | |
PostgreSQL | =8.1.5 | |
PostgreSQL | =8.1.7 | |
PostgreSQL | =8.1.8 | |
PostgreSQL | =8.1.9 | |
PostgreSQL | =8.2 | |
PostgreSQL | =8.2.2 | |
PostgreSQL | =8.2.3 | |
PostgreSQL | =8.2.4 | |
SUSE Tcl/Tk | <=8.4.16 | |
CVE-2007-4769 has a severity rating that indicates it can lead to a denial of service due to backend crashes.
To fix CVE-2007-4769, upgrade to PostgreSQL versions 8.4.17 or higher and Tcl versions beyond 8.4.16.
CVE-2007-4769 affects various versions of PostgreSQL including 7.4, 8.0, 8.1, and 8.2, as well as Tcl versions prior to 8.4.17.
Yes, CVE-2007-4769 can be exploited by remote authenticated users to crash the PostgreSQL backend.
The impact of CVE-2007-4769 is a potential denial of service, causing instability and crashes in PostgreSQL databases.