CVE-2013-0255: Input Validation
First published: Tue Feb 05 2013(Updated: )
An array index error, leading to out of heap-based buffer bounds read flaw was found in the way PostgreSQL, an advanced Object-Relational database management system (DBMS), performed retrieval of textual form of error message representation when processing certain enumeration types. An unprivileged database user could issue a specially-crafted SQL query that, when processed by the server component of the PostgreSQL service, would lead to denial of service (daemon crash) or disclosure (of certain portions of) server memory.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/PostgreSQL | <9.2.3 | 9.2.3 |
| redhat/PostgreSQL | <9.1.8 | 9.1.8 |
| redhat/PostgreSQL | <9.0.12 | 9.0.12 |
| redhat/PostgreSQL | <8.4.16 | 8.4.16 |
| redhat/PostgreSQL | <8.3.23 | 8.3.23 |
| PostgreSQL PostgreSQL | =8.3 | |
| PostgreSQL PostgreSQL | =8.3.1 | |
| PostgreSQL PostgreSQL | =8.3.2 | |
| PostgreSQL PostgreSQL | =8.3.3 | |
| PostgreSQL PostgreSQL | =8.3.4 | |
| PostgreSQL PostgreSQL | =8.3.5 | |
| PostgreSQL PostgreSQL | =8.3.6 | |
| PostgreSQL PostgreSQL | =8.3.7 | |
| PostgreSQL PostgreSQL | =8.3.8 | |
| PostgreSQL PostgreSQL | =8.3.9 | |
| PostgreSQL PostgreSQL | =8.3.10 | |
| PostgreSQL PostgreSQL | =8.3.11 | |
| PostgreSQL PostgreSQL | =8.3.12 | |
| PostgreSQL PostgreSQL | =8.3.13 | |
| PostgreSQL PostgreSQL | =8.3.14 | |
| PostgreSQL PostgreSQL | =8.3.15 | |
| PostgreSQL PostgreSQL | =8.3.16 | |
| PostgreSQL PostgreSQL | =8.3.17 | |
| PostgreSQL PostgreSQL | =8.3.18 | |
| PostgreSQL PostgreSQL | =8.3.19 | |
| PostgreSQL PostgreSQL | =8.3.20 | |
| PostgreSQL PostgreSQL | =8.3.21 | |
| PostgreSQL PostgreSQL | =8.3.22 | |
| PostgreSQL PostgreSQL | =8.4 | |
| PostgreSQL PostgreSQL | =8.4.1 | |
| PostgreSQL PostgreSQL | =8.4.2 | |
| PostgreSQL PostgreSQL | =8.4.3 | |
| PostgreSQL PostgreSQL | =8.4.4 | |
| PostgreSQL PostgreSQL | =8.4.5 | |
| PostgreSQL PostgreSQL | =8.4.6 | |
| PostgreSQL PostgreSQL | =8.4.7 | |
| PostgreSQL PostgreSQL | =8.4.8 | |
| PostgreSQL PostgreSQL | =8.4.9 | |
| PostgreSQL PostgreSQL | =8.4.10 | |
| PostgreSQL PostgreSQL | =8.4.11 | |
| PostgreSQL PostgreSQL | =8.4.12 | |
| PostgreSQL PostgreSQL | =8.4.13 | |
| PostgreSQL PostgreSQL | =8.4.14 | |
| PostgreSQL PostgreSQL | =8.4.15 | |
| PostgreSQL PostgreSQL | =9.0 | |
| PostgreSQL PostgreSQL | =9.0.1 | |
| PostgreSQL PostgreSQL | =9.0.2 | |
| PostgreSQL PostgreSQL | =9.0.3 | |
| PostgreSQL PostgreSQL | =9.0.4 | |
| PostgreSQL PostgreSQL | =9.0.5 | |
| PostgreSQL PostgreSQL | =9.0.6 | |
| PostgreSQL PostgreSQL | =9.0.7 | |
| PostgreSQL PostgreSQL | =9.0.8 | |
| PostgreSQL PostgreSQL | =9.0.9 | |
| PostgreSQL PostgreSQL | =9.0.10 | |
| PostgreSQL PostgreSQL | =9.0.11 | |
| PostgreSQL PostgreSQL | =9.1 | |
| PostgreSQL PostgreSQL | =9.1.1 | |
| PostgreSQL PostgreSQL | =9.1.2 | |
| PostgreSQL PostgreSQL | =9.1.3 | |
| PostgreSQL PostgreSQL | =9.1.4 | |
| PostgreSQL PostgreSQL | =9.1.5 | |
| PostgreSQL PostgreSQL | =9.1.6 | |
| PostgreSQL PostgreSQL | =9.1.7 | |
| PostgreSQL PostgreSQL | =9.2 | |
| PostgreSQL PostgreSQL | =9.2.1 | |
| PostgreSQL PostgreSQL | =9.2.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.postgresql.org/support/security/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=908722
- https://access.redhat.com/security/updates/classification/
- http://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=ab0f7b6089fd215f6ce6081e2e222c38d643a526
- http://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=71627f3d1964ef9831ea7997d2f4ac5617c718cc
- https://rhn.redhat.com/errata/RHSA-2013-1475.html
- https://bugzilla.redhat.com/show_bug.cgi?id=907892
- http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098586.html
- http://lists.opensuse.org/opensuse-updates/2013-02/msg00059.html
- http://lists.opensuse.org/opensuse-updates/2013-02/msg00060.html
- http://osvdb.org/89935
- http://rhn.redhat.com/errata/RHSA-2013-1475.html
- http://secunia.com/advisories/51923
- http://secunia.com/advisories/52819
- http://securitytracker.com/id?1028092
- http://www.debian.org/security/2013/dsa-2630
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:142
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.postgresql.org/docs/8.3/static/release-8-3-23.html
- http://www.postgresql.org/docs/8.4/static/release-8-4-16.html
- http://www.postgresql.org/docs/9.0/static/release-9-0-12.html
- http://www.postgresql.org/docs/9.1/static/release-9-1-8.html
- http://www.postgresql.org/docs/9.2/static/release-9-2-3.html
- http://www.securityfocus.com/bid/57844
- http://www.ubuntu.com/usn/USN-1717-1
- https://blogs.oracle.com/sunsecurity/entry/cve_2013_0255_array_index
- https://exchange.xforce.ibmcloud.com/vulnerabilities/81917
- agent/type
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2013-0255
- agent/software-canonical-lookup
- agent/event
- agent/trending
- agent/tags
- agent/source
- vendor/postgresql
- canonical/postgresql postgresql
- version/postgresql postgresql/8.3
- version/postgresql postgresql/8.3.1
- version/postgresql postgresql/8.3.2
- version/postgresql postgresql/8.3.3
- version/postgresql postgresql/8.3.4
- version/postgresql postgresql/8.3.5
- version/postgresql postgresql/8.3.6
- version/postgresql postgresql/8.3.7
- version/postgresql postgresql/8.3.8
- version/postgresql postgresql/8.3.9
- version/postgresql postgresql/8.3.10
- version/postgresql postgresql/8.3.11
- version/postgresql postgresql/8.3.12
- version/postgresql postgresql/8.3.13
- version/postgresql postgresql/8.3.14
- version/postgresql postgresql/8.3.15
- version/postgresql postgresql/8.3.16
- version/postgresql postgresql/8.3.17
- version/postgresql postgresql/8.3.18
- version/postgresql postgresql/8.3.19
- version/postgresql postgresql/8.3.20
- version/postgresql postgresql/8.3.21
- version/postgresql postgresql/8.3.22
- version/postgresql postgresql/8.4
- version/postgresql postgresql/8.4.1
- version/postgresql postgresql/8.4.2
- version/postgresql postgresql/8.4.3
- version/postgresql postgresql/8.4.4
- version/postgresql postgresql/8.4.5
- version/postgresql postgresql/8.4.6
- version/postgresql postgresql/8.4.7
- version/postgresql postgresql/8.4.8
- version/postgresql postgresql/8.4.9
- version/postgresql postgresql/8.4.10
- version/postgresql postgresql/8.4.11
- version/postgresql postgresql/8.4.12
- version/postgresql postgresql/8.4.13
- version/postgresql postgresql/8.4.14
- version/postgresql postgresql/8.4.15
- version/postgresql postgresql/9.0
- version/postgresql postgresql/9.0.1
- version/postgresql postgresql/9.0.2
- version/postgresql postgresql/9.0.3
- version/postgresql postgresql/9.0.4
- version/postgresql postgresql/9.0.5
- version/postgresql postgresql/9.0.6
- version/postgresql postgresql/9.0.7
- version/postgresql postgresql/9.0.8
- version/postgresql postgresql/9.0.9
- version/postgresql postgresql/9.0.10
- version/postgresql postgresql/9.0.11
- version/postgresql postgresql/9.1
- version/postgresql postgresql/9.1.1
- version/postgresql postgresql/9.1.2
- version/postgresql postgresql/9.1.3
- version/postgresql postgresql/9.1.4
- version/postgresql postgresql/9.1.5
- version/postgresql postgresql/9.1.6
- version/postgresql postgresql/9.1.7
- version/postgresql postgresql/9.2
- version/postgresql postgresql/9.2.1
- version/postgresql postgresql/9.2.2
- package-manager/redhat