CVE-2010-4015

Published: Feb 2, 2011Modified: Apr 29, 2026

6.5

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability: 8.0 / Impact: 6.4

Source: NVD

Description

Buffer overflow in the gettoken function in contrib/intarray/_int_bool.c in the intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.20 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via integers with a large number of digits to unspecified functions.

Affected (44)

Products: Postgresql: Postgresql

Postgresql

1 product

Postgresql

Configuration A

14 vulnerable

Vulnerable Software	Affected Versions
Postgresql Postgresql	Version 8.3.10
Postgresql Postgresql	Version 8.3.11
Postgresql Postgresql	Version 8.3.12
Postgresql Postgresql	Version 8.3.13
Postgresql Postgresql	Version 8.3.1
Postgresql Postgresql	Version 8.3.2
Postgresql Postgresql	Version 8.3.3
Postgresql Postgresql	Version 8.3.4
Postgresql Postgresql	Version 8.3.5
Postgresql Postgresql	Version 8.3.6
Postgresql Postgresql	Version 8.3.7
Postgresql Postgresql	Version 8.3.8
Postgresql Postgresql	Version 8.3.9
Postgresql Postgresql	Version 8.3

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Postgresql Postgresql	Version 9.0.1
Postgresql Postgresql	Version 9.0.2
Postgresql Postgresql	Version 9.0

Configuration C

7 vulnerable

Vulnerable Software	Affected Versions
Postgresql Postgresql	Version 8.4.1
Postgresql Postgresql	Version 8.4.2
Postgresql Postgresql	Version 8.4.3
Postgresql Postgresql	Version 8.4.4
Postgresql Postgresql	Version 8.4.5
Postgresql Postgresql	Version 8.4.6
Postgresql Postgresql	Version 8.4

Configuration D

20 vulnerable

Vulnerable Software	Affected Versions
Postgresql Postgresql	Version 8.2.10
Postgresql Postgresql	Version 8.2.11
Postgresql Postgresql	Version 8.2.12
Postgresql Postgresql	Version 8.2.13
Postgresql Postgresql	Version 8.2.14
Postgresql Postgresql	Version 8.2.15
Postgresql Postgresql	Version 8.2.16
Postgresql Postgresql	Version 8.2.17
Postgresql Postgresql	Version 8.2.18
Postgresql Postgresql	Version 8.2.19
Postgresql Postgresql	Version 8.2.1
Postgresql Postgresql	Version 8.2.2
Postgresql Postgresql	Version 8.2.3
Postgresql Postgresql	Version 8.2.4
Postgresql Postgresql	Version 8.2.5
Postgresql Postgresql	Version 8.2.6
Postgresql Postgresql	Version 8.2.7
Postgresql Postgresql	Version 8.2.8
Postgresql Postgresql	Version 8.2.9
Postgresql Postgresql	Version 8.2

Related CWEs

CWE-189

References (58)

http://git.postgresql.org/gitweb?p=postgresql.git%3Ba=commitdiff%3Bh=7ccb6dc2d3e266a551827bb99179708580f72431

Source: product-security@apple.com

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

Source: product-security@apple.com

http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053817.html

Source: product-security@apple.com

http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053888.html

Source: product-security@apple.com

http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html

Source: product-security@apple.com

http://marc.info/?l=bugtraq&m=134124585221119&w=2

Source: product-security@apple.com

http://osvdb.org/70740

Source: product-security@apple.com

http://secunia.com/advisories/43144

Source: product-security@apple.com

Vendor Advisory

http://secunia.com/advisories/43154

Source: product-security@apple.com

http://secunia.com/advisories/43155

Source: product-security@apple.com

http://secunia.com/advisories/43187

Source: product-security@apple.com

http://secunia.com/advisories/43188

Source: product-security@apple.com

http://secunia.com/advisories/43240

Source: product-security@apple.com

http://www.debian.org/security/2011/dsa-2157

Source: product-security@apple.com

http://www.mandriva.com/security/advisories?name=MDVSA-2011:021

Source: product-security@apple.com

http://www.postgresql.org/about/news.1289

Source: product-security@apple.com

http://www.postgresql.org/support/security

Source: product-security@apple.com

http://www.redhat.com/support/errata/RHSA-2011-0197.html

Source: product-security@apple.com

http://www.redhat.com/support/errata/RHSA-2011-0198.html

Source: product-security@apple.com

http://www.securityfocus.com/bid/46084

Source: product-security@apple.com

http://www.ubuntu.com/usn/USN-1058-1

Source: product-security@apple.com

http://www.vupen.com/english/advisories/2011/0262

Source: product-security@apple.com

Vendor Advisory

http://www.vupen.com/english/advisories/2011/0278

Source: product-security@apple.com

http://www.vupen.com/english/advisories/2011/0283

Source: product-security@apple.com

http://www.vupen.com/english/advisories/2011/0287

Source: product-security@apple.com

http://www.vupen.com/english/advisories/2011/0299

Source: product-security@apple.com

http://www.vupen.com/english/advisories/2011/0303

Source: product-security@apple.com

http://www.vupen.com/english/advisories/2011/0349

Source: product-security@apple.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/65060

Source: product-security@apple.com

http://git.postgresql.org/gitweb?p=postgresql.git%3Ba=commitdiff%3Bh=7ccb6dc2d3e266a551827bb99179708580f72431