REDHAT-BUG-546621: Integer Overflow
First published: Fri Dec 11 2009(Updated: )
An integer overflow flaw was found in the way postgresql used to calculate size for the hashtable for joined relations. An attacker could formulate a specially-crafted sql query, which once processed would lead to denial of service (postgresql daemon crash). Upstream bug report: -------------------- [1] <a href="http://archives.postgresql.org/pgsql-bugs/2009-10/msg00277.php">http://archives.postgresql.org/pgsql-bugs/2009-10/msg00277.php</a> References: ----------- [2] <a href="http://archives.postgresql.org/pgsql-bugs/2009-10/msg00287.php">http://archives.postgresql.org/pgsql-bugs/2009-10/msg00287.php</a> [3] <a href="http://archives.postgresql.org/pgsql-bugs/2009-10/msg00310.php">http://archives.postgresql.org/pgsql-bugs/2009-10/msg00310.php</a> [4] <a href="http://archives.postgresql.org/pgsql-bugs/2009-10/msg00289.php">http://archives.postgresql.org/pgsql-bugs/2009-10/msg00289.php</a> Upstream patch: --------------- git clone git://git.postgresql.org/git/postgresql.git cd postgresql && git show 64b057e6823655fb6c5d1f24a28f236b94dd6c54 Credit: ------- Bernt Marius Johnsen
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PostgreSQL Common |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://archives.postgresql.org/pgsql-bugs/2009-10/msg00277.php
- http://archives.postgresql.org/pgsql-bugs/2009-10/msg00287.php
- http://archives.postgresql.org/pgsql-bugs/2009-10/msg00310.php
- http://archives.postgresql.org/pgsql-bugs/2009-10/msg00289.php
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=377733&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=377733&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=546621#c0
- http://git.postgresql.org/gitweb?p=postgresql.git;a=commitdiff;h=64b057e6823655fb6c5d1f24a28f236b94dd6c54
- https://access.redhat.com/security/cve/CVE-2010-0733
- https://rhn.redhat.com/errata/RHSA-2010-0427.html
- https://rhn.redhat.com/errata/RHSA-2010-0428.html
- https://rhn.redhat.com/errata/RHSA-2010-0429.html
- https://bugzilla.redhat.com/show_bug.cgi?id=546621
Frequently Asked Questions
What is the severity of REDHAT-BUG-546621?
The severity of REDHAT-BUG-546621 is classified as high due to the potential for denial of service.
How do I fix REDHAT-BUG-546621?
To fix REDHAT-BUG-546621, apply the latest security patches for PostgreSQL that address this integer overflow vulnerability.
Which versions of PostgreSQL are affected by REDHAT-BUG-546621?
REDHAT-BUG-546621 affects multiple versions of PostgreSQL prior to the security fix.
What type of attack is associated with REDHAT-BUG-546621?
The attack associated with REDHAT-BUG-546621 involves sending specially-crafted SQL queries that exploit the integer overflow flaw.
What is the impact of REDHAT-BUG-546621 on PostgreSQL operations?
The impact of REDHAT-BUG-546621 can lead to a crash of the PostgreSQL daemon, resulting in service disruption.
- agent/type
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-0733
- agent/last-modified-date
- agent/first-publish-date
- agent/source
- agent/references
- agent/weakness
- agent/severity
- agent/description
- agent/event
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/postgresql
- canonical/postgresql common