CVE-2013-0255: Input Validation
First published: Tue Feb 05 2013(Updated: )
An array index error, leading to out of heap-based buffer bounds read flaw was found in the way PostgreSQL, an advanced Object-Relational database management system (DBMS), performed retrieval of textual form of error message representation when processing certain enumeration types. An unprivileged database user could issue a specially-crafted SQL query that, when processed by the server component of the PostgreSQL service, would lead to denial of service (daemon crash) or disclosure (of certain portions of) server memory.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/PostgreSQL | <9.2.3 | 9.2.3 |
| redhat/PostgreSQL | <9.1.8 | 9.1.8 |
| redhat/PostgreSQL | <9.0.12 | 9.0.12 |
| redhat/PostgreSQL | <8.4.16 | 8.4.16 |
| redhat/PostgreSQL | <8.3.23 | 8.3.23 |
| PostgreSQL Common | =8.3 | |
| PostgreSQL Common | =8.3.1 | |
| PostgreSQL Common | =8.3.2 | |
| PostgreSQL Common | =8.3.3 | |
| PostgreSQL Common | =8.3.4 | |
| PostgreSQL Common | =8.3.5 | |
| PostgreSQL Common | =8.3.6 | |
| PostgreSQL Common | =8.3.7 | |
| PostgreSQL Common | =8.3.8 | |
| PostgreSQL Common | =8.3.9 | |
| PostgreSQL Common | =8.3.10 | |
| PostgreSQL Common | =8.3.11 | |
| PostgreSQL Common | =8.3.12 | |
| PostgreSQL Common | =8.3.13 | |
| PostgreSQL Common | =8.3.14 | |
| PostgreSQL Common | =8.3.15 | |
| PostgreSQL Common | =8.3.16 | |
| PostgreSQL Common | =8.3.17 | |
| PostgreSQL Common | =8.3.18 | |
| PostgreSQL Common | =8.3.19 | |
| PostgreSQL Common | =8.3.20 | |
| PostgreSQL Common | =8.3.21 | |
| PostgreSQL Common | =8.3.22 | |
| PostgreSQL Common | =8.4 | |
| PostgreSQL Common | =8.4.1 | |
| PostgreSQL Common | =8.4.2 | |
| PostgreSQL Common | =8.4.3 | |
| PostgreSQL Common | =8.4.4 | |
| PostgreSQL Common | =8.4.5 | |
| PostgreSQL Common | =8.4.6 | |
| PostgreSQL Common | =8.4.7 | |
| PostgreSQL Common | =8.4.8 | |
| PostgreSQL Common | =8.4.9 | |
| PostgreSQL Common | =8.4.10 | |
| PostgreSQL Common | =8.4.11 | |
| PostgreSQL Common | =8.4.12 | |
| PostgreSQL Common | =8.4.13 | |
| PostgreSQL Common | =8.4.14 | |
| PostgreSQL Common | =8.4.15 | |
| PostgreSQL Common | =9.0 | |
| PostgreSQL Common | =9.0.1 | |
| PostgreSQL Common | =9.0.2 | |
| PostgreSQL Common | =9.0.3 | |
| PostgreSQL Common | =9.0.4 | |
| PostgreSQL Common | =9.0.5 | |
| PostgreSQL Common | =9.0.6 | |
| PostgreSQL Common | =9.0.7 | |
| PostgreSQL Common | =9.0.8 | |
| PostgreSQL Common | =9.0.9 | |
| PostgreSQL Common | =9.0.10 | |
| PostgreSQL Common | =9.0.11 | |
| PostgreSQL Common | =9.1 | |
| PostgreSQL Common | =9.1.1 | |
| PostgreSQL Common | =9.1.2 | |
| PostgreSQL Common | =9.1.3 | |
| PostgreSQL Common | =9.1.4 | |
| PostgreSQL Common | =9.1.5 | |
| PostgreSQL Common | =9.1.6 | |
| PostgreSQL Common | =9.1.7 | |
| PostgreSQL Common | =9.2 | |
| PostgreSQL Common | =9.2.1 | |
| PostgreSQL Common | =9.2.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.postgresql.org/support/security/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=908722
- https://access.redhat.com/security/updates/classification/
- http://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=ab0f7b6089fd215f6ce6081e2e222c38d643a526
- http://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=71627f3d1964ef9831ea7997d2f4ac5617c718cc
- https://rhn.redhat.com/errata/RHSA-2013-1475.html
- https://bugzilla.redhat.com/show_bug.cgi?id=907892
- http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098586.html
- http://lists.opensuse.org/opensuse-updates/2013-02/msg00059.html
- http://lists.opensuse.org/opensuse-updates/2013-02/msg00060.html
- http://osvdb.org/89935
- http://rhn.redhat.com/errata/RHSA-2013-1475.html
- http://secunia.com/advisories/51923
- http://secunia.com/advisories/52819
- http://securitytracker.com/id?1028092
- http://www.debian.org/security/2013/dsa-2630
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:142
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.postgresql.org/docs/8.3/static/release-8-3-23.html
- http://www.postgresql.org/docs/8.4/static/release-8-4-16.html
- http://www.postgresql.org/docs/9.0/static/release-9-0-12.html
- http://www.postgresql.org/docs/9.1/static/release-9-1-8.html
- http://www.postgresql.org/docs/9.2/static/release-9-2-3.html
- http://www.securityfocus.com/bid/57844
- http://www.ubuntu.com/usn/USN-1717-1
- https://blogs.oracle.com/sunsecurity/entry/cve_2013_0255_array_index
- https://exchange.xforce.ibmcloud.com/vulnerabilities/81917
Frequently Asked Questions
What is the severity of CVE-2013-0255?
CVE-2013-0255 has been classified with a moderate severity level.
How do I fix CVE-2013-0255?
To fix CVE-2013-0255, upgrade PostgreSQL to versions 9.2.3, 9.1.8, 9.0.12, 8.4.16, or 8.3.23 or later.
What versions of PostgreSQL are affected by CVE-2013-0255?
CVE-2013-0255 affects PostgreSQL versions 8.3 up to 8.3.22, 8.4 up to 8.4.15, 9.0 up to 9.0.11, and 9.1 up to 9.1.7.
Is it safe to use CVE-2013-0255 vulnerable versions in production?
Using vulnerable versions affected by CVE-2013-0255 in production environments is not recommended due to potential security risks.
What can happen if CVE-2013-0255 is exploited?
Exploitation of CVE-2013-0255 can lead to unauthorized access and manipulation of the PostgreSQL database, putting data integrity at risk.
- agent/type
- agent/first-publish-date
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2013-0255
- agent/software-canonical-lookup
- agent/event
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/postgresql
- canonical/postgresql common
- version/postgresql common/8.3
- version/postgresql common/8.3.1
- version/postgresql common/8.3.2
- version/postgresql common/8.3.3
- version/postgresql common/8.3.4
- version/postgresql common/8.3.5
- version/postgresql common/8.3.6
- version/postgresql common/8.3.7
- version/postgresql common/8.3.8
- version/postgresql common/8.3.9
- version/postgresql common/8.3.10
- version/postgresql common/8.3.11
- version/postgresql common/8.3.12
- version/postgresql common/8.3.13
- version/postgresql common/8.3.14
- version/postgresql common/8.3.15
- version/postgresql common/8.3.16
- version/postgresql common/8.3.17
- version/postgresql common/8.3.18
- version/postgresql common/8.3.19
- version/postgresql common/8.3.20
- version/postgresql common/8.3.21
- version/postgresql common/8.3.22
- version/postgresql common/8.4
- version/postgresql common/8.4.1
- version/postgresql common/8.4.2
- version/postgresql common/8.4.3
- version/postgresql common/8.4.4
- version/postgresql common/8.4.5
- version/postgresql common/8.4.6
- version/postgresql common/8.4.7
- version/postgresql common/8.4.8
- version/postgresql common/8.4.9
- version/postgresql common/8.4.10
- version/postgresql common/8.4.11
- version/postgresql common/8.4.12
- version/postgresql common/8.4.13
- version/postgresql common/8.4.14
- version/postgresql common/8.4.15
- version/postgresql common/9.0
- version/postgresql common/9.0.1
- version/postgresql common/9.0.2
- version/postgresql common/9.0.3
- version/postgresql common/9.0.4
- version/postgresql common/9.0.5
- version/postgresql common/9.0.6
- version/postgresql common/9.0.7
- version/postgresql common/9.0.8
- version/postgresql common/9.0.9
- version/postgresql common/9.0.10
- version/postgresql common/9.0.11
- version/postgresql common/9.1
- version/postgresql common/9.1.1
- version/postgresql common/9.1.2
- version/postgresql common/9.1.3
- version/postgresql common/9.1.4
- version/postgresql common/9.1.5
- version/postgresql common/9.1.6
- version/postgresql common/9.1.7
- version/postgresql common/9.2
- version/postgresql common/9.2.1
- version/postgresql common/9.2.2