CVE-2014-0064: Buffer Overflow
First published: Fri Feb 14 2014(Updated: )
Multiple integer overflow flaws, leading to buffer overflows, were found in PostgreSQL. An authenticated database user could possibly use these flaws to crash the PostgreSQL server or execute arbitrary code. Acknowledgements: Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Heikki Linnakangas and Noah Misch as the original reporters.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PostgreSQL Common | <=8.4.19 | |
| PostgreSQL Common | =8.4.1 | |
| PostgreSQL Common | =8.4.2 | |
| PostgreSQL Common | =8.4.3 | |
| PostgreSQL Common | =8.4.4 | |
| PostgreSQL Common | =8.4.5 | |
| PostgreSQL Common | =8.4.6 | |
| PostgreSQL Common | =8.4.7 | |
| PostgreSQL Common | =8.4.8 | |
| PostgreSQL Common | =8.4.9 | |
| PostgreSQL Common | =8.4.10 | |
| PostgreSQL Common | =8.4.11 | |
| PostgreSQL Common | =8.4.12 | |
| PostgreSQL Common | =8.4.13 | |
| PostgreSQL Common | =8.4.14 | |
| PostgreSQL Common | =8.4.15 | |
| PostgreSQL Common | =8.4.16 | |
| PostgreSQL Common | =8.4.17 | |
| PostgreSQL Common | =8.4.18 | |
| PostgreSQL Common | =9.0 | |
| PostgreSQL Common | =9.0.1 | |
| PostgreSQL Common | =9.0.2 | |
| PostgreSQL Common | =9.0.3 | |
| PostgreSQL Common | =9.0.4 | |
| PostgreSQL Common | =9.0.5 | |
| PostgreSQL Common | =9.0.6 | |
| PostgreSQL Common | =9.0.7 | |
| PostgreSQL Common | =9.0.8 | |
| PostgreSQL Common | =9.0.9 | |
| PostgreSQL Common | =9.0.10 | |
| PostgreSQL Common | =9.0.11 | |
| PostgreSQL Common | =9.0.12 | |
| PostgreSQL Common | =9.0.13 | |
| PostgreSQL Common | =9.0.14 | |
| PostgreSQL Common | =9.0.15 | |
| PostgreSQL Common | =9.1 | |
| PostgreSQL Common | =9.1.1 | |
| PostgreSQL Common | =9.1.2 | |
| PostgreSQL Common | =9.1.3 | |
| PostgreSQL Common | =9.1.4 | |
| PostgreSQL Common | =9.1.5 | |
| PostgreSQL Common | =9.1.6 | |
| PostgreSQL Common | =9.1.7 | |
| PostgreSQL Common | =9.1.8 | |
| PostgreSQL Common | =9.1.9 | |
| PostgreSQL Common | =9.1.10 | |
| PostgreSQL Common | =9.1.11 | |
| PostgreSQL Common | =9.2 | |
| PostgreSQL Common | =9.2.1 | |
| PostgreSQL Common | =9.2.2 | |
| PostgreSQL Common | =9.2.3 | |
| PostgreSQL Common | =9.2.4 | |
| PostgreSQL Common | =9.2.5 | |
| PostgreSQL Common | =9.2.6 | |
| PostgreSQL Common | =9.3 | |
| PostgreSQL Common | =9.3.1 | |
| PostgreSQL Common | =9.3.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/postgres/postgres/commit/31400a673325147e1205326008e32135a78b4d8a
- https://rhn.redhat.com/errata/RHSA-2014-0211.html
- https://rhn.redhat.com/errata/RHSA-2014-0221.html
- https://rhn.redhat.com/errata/RHSA-2014-0249.html
- https://access.redhat.com/security/cve/CVE-2014-2669
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1082154
- https://rhn.redhat.com/errata/RHSA-2014-0469.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1065230
- http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- http://lists.opensuse.org/opensuse-updates/2014-03/msg00018.html
- http://lists.opensuse.org/opensuse-updates/2014-03/msg00038.html
- http://rhn.redhat.com/errata/RHSA-2014-0211.html
- http://rhn.redhat.com/errata/RHSA-2014-0221.html
- http://rhn.redhat.com/errata/RHSA-2014-0249.html
- http://rhn.redhat.com/errata/RHSA-2014-0469.html
- http://secunia.com/advisories/61307
- http://support.apple.com/kb/HT6448
- http://wiki.postgresql.org/wiki/20140220securityrelease
- http://www.debian.org/security/2014/dsa-2864
- http://www.debian.org/security/2014/dsa-2865
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.postgresql.org/about/news/1506/
- http://www.postgresql.org/support/security/
- http://www.securityfocus.com/bid/65725
- http://www.ubuntu.com/usn/USN-2120-1
- https://support.apple.com/kb/HT6536
Frequently Asked Questions
What is the severity of CVE-2014-0064?
CVE-2014-0064 is classified as a high severity vulnerability due to the potential for remote code execution and denial of service.
How do I fix CVE-2014-0064?
To remediate CVE-2014-0064, upgrade PostgreSQL to a version that is not affected, specifically above 9.3.4.
What systems are affected by CVE-2014-0064?
CVE-2014-0064 affects PostgreSQL versions 8.4.x through 9.3.3.
Can CVE-2014-0064 be exploited remotely?
Yes, CVE-2014-0064 can be exploited by an authenticated user to cause crashes or execute arbitrary code which might lead to broader system access.
Is user authentication sufficient to mitigate CVE-2014-0064?
No, simply having user authentication does not mitigate the risks associated with CVE-2014-0064, as an authenticated user can exploit the vulnerability.
- agent/first-publish-date
- agent/type
- agent/references
- agent/weakness
- agent/severity
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-0064
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/postgresql
- canonical/postgresql common
- version/postgresql common/8.4.19
- version/postgresql common/8.4.1
- version/postgresql common/8.4.2
- version/postgresql common/8.4.3
- version/postgresql common/8.4.4
- version/postgresql common/8.4.5
- version/postgresql common/8.4.6
- version/postgresql common/8.4.7
- version/postgresql common/8.4.8
- version/postgresql common/8.4.9
- version/postgresql common/8.4.10
- version/postgresql common/8.4.11
- version/postgresql common/8.4.12
- version/postgresql common/8.4.13
- version/postgresql common/8.4.14
- version/postgresql common/8.4.15
- version/postgresql common/8.4.16
- version/postgresql common/8.4.17
- version/postgresql common/8.4.18
- version/postgresql common/9.0
- version/postgresql common/9.0.1
- version/postgresql common/9.0.2
- version/postgresql common/9.0.3
- version/postgresql common/9.0.4
- version/postgresql common/9.0.5
- version/postgresql common/9.0.6
- version/postgresql common/9.0.7
- version/postgresql common/9.0.8
- version/postgresql common/9.0.9
- version/postgresql common/9.0.10
- version/postgresql common/9.0.11
- version/postgresql common/9.0.12
- version/postgresql common/9.0.13
- version/postgresql common/9.0.14
- version/postgresql common/9.0.15
- version/postgresql common/9.1
- version/postgresql common/9.1.1
- version/postgresql common/9.1.2
- version/postgresql common/9.1.3
- version/postgresql common/9.1.4
- version/postgresql common/9.1.5
- version/postgresql common/9.1.6
- version/postgresql common/9.1.7
- version/postgresql common/9.1.8
- version/postgresql common/9.1.9
- version/postgresql common/9.1.10
- version/postgresql common/9.1.11
- version/postgresql common/9.2
- version/postgresql common/9.2.1
- version/postgresql common/9.2.2
- version/postgresql common/9.2.3
- version/postgresql common/9.2.4
- version/postgresql common/9.2.5
- version/postgresql common/9.2.6
- version/postgresql common/9.3
- version/postgresql common/9.3.1
- version/postgresql common/9.3.2