CVE-2010-0733: Integer Overflow
First published: Fri Dec 11 2009(Updated: )
Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL 8.4.1 and earlier, and 8.5 through 8.5alpha2, allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with many LEFT JOIN clauses, related to certain hashtable size calculations.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/postgresql | <0:7.4.29-1.el4_8.1 | 0:7.4.29-1.el4_8.1 |
| redhat/postgresql | <0:8.1.21-1.el5_5.1 | 0:8.1.21-1.el5_5.1 |
| PostgreSQL Common | =8.1.10 | |
| PostgreSQL Common | =8.1.6 | |
| PostgreSQL Common | =8.2.9 | |
| PostgreSQL Common | =8.0.7 | |
| PostgreSQL Common | =8.0.2 | |
| PostgreSQL Common | =8.1.15 | |
| PostgreSQL Common | =8.1.7 | |
| PostgreSQL Common | =8.3.6 | |
| PostgreSQL Common | =8.2.10 | |
| PostgreSQL Common | =8.0.22 | |
| PostgreSQL Common | =8.2.15 | |
| PostgreSQL Common | =8.2.4 | |
| PostgreSQL Common | =8.0.17 | |
| PostgreSQL Common | =8.0.10 | |
| PostgreSQL Common | =8.1.20 | |
| PostgreSQL Common | =8.1 | |
| PostgreSQL Common | =8.1.19 | |
| PostgreSQL Common | =8.2.11 | |
| PostgreSQL Common | =8.1.13 | |
| PostgreSQL Common | =8.0.12 | |
| PostgreSQL Common | =8.2.12 | |
| PostgreSQL Common | =8.0.9 | |
| PostgreSQL Common | =8.0.15 | |
| PostgreSQL Common | =8.2.2 | |
| PostgreSQL Common | =8.3.3 | |
| PostgreSQL Common | =8.0.0 | |
| PostgreSQL Common | =8.1.0 | |
| PostgreSQL Common | =8.1.3 | |
| PostgreSQL Common | =8.3.2 | |
| PostgreSQL Common | =8.5 | |
| PostgreSQL Common | =8.0.18 | |
| PostgreSQL Common | =8.2.5 | |
| PostgreSQL Common | =8.0.3 | |
| PostgreSQL Common | =8.0.24 | |
| PostgreSQL Common | =8.1.9 | |
| PostgreSQL Common | =8.4 | |
| PostgreSQL Common | <=8.4.1 | |
| PostgreSQL Common | =8.2.1 | |
| PostgreSQL Common | =8.3.1 | |
| PostgreSQL Common | =8.5-alpha2 | |
| PostgreSQL Common | =8.1.14 | |
| PostgreSQL Common | =8.3.5 | |
| PostgreSQL Common | =8.0.20 | |
| PostgreSQL Common | =8.3.8 | |
| PostgreSQL Common | =8.0.8 | |
| PostgreSQL Common | =8.2.7 | |
| PostgreSQL Common | =8.0.6 | |
| PostgreSQL Common | =8.1.11 | |
| PostgreSQL Common | =8.2.6 | |
| PostgreSQL Common | =8.0.16 | |
| PostgreSQL Common | =8.3.7 | |
| PostgreSQL Common | =8.1.17 | |
| PostgreSQL Common | =8.0.13 | |
| PostgreSQL Common | =8.3.10 | |
| PostgreSQL Common | =8.1.18 | |
| PostgreSQL Common | =8.3 | |
| PostgreSQL Common | =8.1.4 | |
| PostgreSQL Common | =8.0.1 | |
| PostgreSQL Common | =8.1.8 | |
| PostgreSQL Common | =8.3.4 | |
| PostgreSQL Common | =8.0.19 | |
| PostgreSQL Common | =8.1.1 | |
| PostgreSQL Common | =8.1.12 | |
| PostgreSQL Common | =8.1.5 | |
| PostgreSQL Common | =8.0.21 | |
| PostgreSQL Common | =8.1.16 | |
| PostgreSQL Common | =8.2.3 | |
| PostgreSQL Common | =8.0.23 | |
| PostgreSQL Common | =8.5-alpha1 | |
| PostgreSQL Common | =8.3.9 | |
| PostgreSQL Common | =8.2.16 | |
| PostgreSQL Common | =8.0.4 | |
| PostgreSQL Common | =8.0.5 | |
| PostgreSQL Common | =8.0.14 | |
| PostgreSQL Common | =8.2.8 | |
| PostgreSQL Common | =8.2.13 | |
| PostgreSQL Common | =8.2 | |
| PostgreSQL Common | =8.0.11 | |
| PostgreSQL Common | =8.0.317 | |
| PostgreSQL Common | =8.0 | |
| PostgreSQL Common | =8.2.14 | |
| PostgreSQL Common | =8.1.2 | |
| PostgreSQL Common | =8.0.24 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://archives.postgresql.org/pgsql-bugs/2009-10/msg00289.php
- http://www.openwall.com/lists/oss-security/2010/03/09/2
- https://bugzilla.redhat.com/show_bug.cgi?id=546621
- http://www.openwall.com/lists/oss-security/2010/03/16/10
- http://archives.postgresql.org/pgsql-bugs/2009-10/msg00287.php
- http://archives.postgresql.org/pgsql-bugs/2009-10/msg00310.php
- http://archives.postgresql.org/pgsql-bugs/2009-10/msg00277.php
- http://www.redhat.com/support/errata/RHSA-2010-0428.html
- http://www.redhat.com/support/errata/RHSA-2010-0427.html
- http://www.redhat.com/support/errata/RHSA-2010-0429.html
- http://www.securityfocus.com/bid/38619
- http://secunia.com/advisories/39820
- http://www.vupen.com/english/advisories/2010/1197
- http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10691
- http://git.postgresql.org/gitweb?p=postgresql.git%3Ba=commit%3Bh=64b057e6823655fb6c5d1f24a28f236b94dd6c54
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=377733&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=377733&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=546621#c0
- http://git.postgresql.org/gitweb?p=postgresql.git;a=commitdiff;h=64b057e6823655fb6c5d1f24a28f236b94dd6c54
- https://access.redhat.com/security/cve/CVE-2010-0733
- https://rhn.redhat.com/errata/RHSA-2010-0427.html
- https://rhn.redhat.com/errata/RHSA-2010-0428.html
- https://rhn.redhat.com/errata/RHSA-2010-0429.html
- https://www.cve.org/CVERecord?id=CVE-2010-0733 https://nvd.nist.gov/vuln/detail/CVE-2010-0733
- https://access.redhat.com/errata/RHSA-2010:0427
- https://access.redhat.com/errata/RHSA-2010:0428
- https://access.redhat.com/errata/RHSA-2010:0429
- https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0733.json
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the severity of CVE-2010-0733?
CVE-2010-0733 has a medium severity level as it allows remote authenticated users to cause denial of service through specific SQL queries.
How do I fix CVE-2010-0733?
To fix CVE-2010-0733, upgrade to PostgreSQL version 8.4.2 or later, as these versions include the necessary patches.
Which PostgreSQL versions are affected by CVE-2010-0733?
CVE-2010-0733 affects PostgreSQL versions 8.4.1 and earlier, as well as 8.5 through 8.5alpha2.
What type of vulnerability is CVE-2010-0733?
CVE-2010-0733 is classified as an integer overflow vulnerability leading to a denial of service.
Can CVE-2010-0733 be exploited without authentication?
No, CVE-2010-0733 requires remote authenticated users to exploit the vulnerability.
- agent/type
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-0733
- agent/references
- agent/author
- agent/weakness
- agent/remedy
- agent/severity
- agent/description
- collector/redhat-cve
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- package-manager/redhat
- vendor/postgresql
- canonical/postgresql common
- version/postgresql common/8.1.10
- version/postgresql common/8.1.6
- version/postgresql common/8.2.9
- version/postgresql common/8.0.7
- version/postgresql common/8.0.2
- version/postgresql common/8.1.15
- version/postgresql common/8.1.7
- version/postgresql common/8.3.6
- version/postgresql common/8.2.10
- version/postgresql common/8.0.22
- version/postgresql common/8.2.15
- version/postgresql common/8.2.4
- version/postgresql common/8.0.17
- version/postgresql common/8.0.10
- version/postgresql common/8.1.20
- version/postgresql common/8.1
- version/postgresql common/8.1.19
- version/postgresql common/8.2.11
- version/postgresql common/8.1.13
- version/postgresql common/8.0.12
- version/postgresql common/8.2.12
- version/postgresql common/8.0.9
- version/postgresql common/8.0.15
- version/postgresql common/8.2.2
- version/postgresql common/8.3.3
- version/postgresql common/8.0.0
- version/postgresql common/8.1.0
- version/postgresql common/8.1.3
- version/postgresql common/8.3.2
- version/postgresql common/8.5
- version/postgresql common/8.0.18
- version/postgresql common/8.2.5
- version/postgresql common/8.0.3
- version/postgresql common/8.0.24
- version/postgresql common/8.1.9
- version/postgresql common/8.4
- version/postgresql common/8.4.1
- version/postgresql common/8.2.1
- version/postgresql common/8.3.1
- version/postgresql common/8.5-alpha2
- version/postgresql common/8.1.14
- version/postgresql common/8.3.5
- version/postgresql common/8.0.20
- version/postgresql common/8.3.8
- version/postgresql common/8.0.8
- version/postgresql common/8.2.7
- version/postgresql common/8.0.6
- version/postgresql common/8.1.11
- version/postgresql common/8.2.6
- version/postgresql common/8.0.16
- version/postgresql common/8.3.7
- version/postgresql common/8.1.17
- version/postgresql common/8.0.13
- version/postgresql common/8.3.10
- version/postgresql common/8.1.18
- version/postgresql common/8.3
- version/postgresql common/8.1.4
- version/postgresql common/8.0.1
- version/postgresql common/8.1.8
- version/postgresql common/8.3.4
- version/postgresql common/8.0.19
- version/postgresql common/8.1.1
- version/postgresql common/8.1.12
- version/postgresql common/8.1.5
- version/postgresql common/8.0.21
- version/postgresql common/8.1.16
- version/postgresql common/8.2.3
- version/postgresql common/8.0.23
- version/postgresql common/8.5-alpha1
- version/postgresql common/8.3.9
- version/postgresql common/8.2.16
- version/postgresql common/8.0.4
- version/postgresql common/8.0.5
- version/postgresql common/8.0.14
- version/postgresql common/8.2.8
- version/postgresql common/8.2.13
- version/postgresql common/8.2
- version/postgresql common/8.0.11
- version/postgresql common/8.0.317
- version/postgresql common/8.0
- version/postgresql common/8.2.14
- version/postgresql common/8.1.2