CVE-2013-0255

Published: Feb 13, 2013Modified: Apr 29, 2026

6.8

Vector

AV:N/AC:L/Au:S/C:N/I:N/A:C

Exploitability: 8.0 / Impact: 6.9

Source: NVD

Description

PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, which causes it to be invoked with incorrect arguments and allows remote authenticated users to cause a denial of service (server crash) or read sensitive process memory via a crafted SQL command, which triggers an array index error and an out-of-bounds read.

Affected (59)

Products: Postgresql: Postgresql

1 product

Configuration A

23 vulnerable

Vulnerable Software	Affected Versions
Postgresql Postgresql	Version 8.3.10
Postgresql Postgresql	Version 8.3.11
Postgresql Postgresql	Version 8.3.12
Postgresql Postgresql	Version 8.3.13
Postgresql Postgresql	Version 8.3.14
Postgresql Postgresql	Version 8.3.15
Postgresql Postgresql	Version 8.3.16
Postgresql Postgresql	Version 8.3.17
Postgresql Postgresql	Version 8.3.18
Postgresql Postgresql	Version 8.3.19
Postgresql Postgresql	Version 8.3.1
Postgresql Postgresql	Version 8.3.20
Postgresql Postgresql	Version 8.3.21
Postgresql Postgresql	Version 8.3.22
Postgresql Postgresql	Version 8.3.2
Postgresql Postgresql	Version 8.3.3
Postgresql Postgresql	Version 8.3.4
Postgresql Postgresql	Version 8.3.5
Postgresql Postgresql	Version 8.3.6
Postgresql Postgresql	Version 8.3.7
Postgresql Postgresql	Version 8.3.8
Postgresql Postgresql	Version 8.3.9
Postgresql Postgresql	Version 8.3

Configuration B

16 vulnerable

Vulnerable Software	Affected Versions
Postgresql Postgresql	Version 8.4.10
Postgresql Postgresql	Version 8.4.11
Postgresql Postgresql	Version 8.4.12
Postgresql Postgresql	Version 8.4.13
Postgresql Postgresql	Version 8.4.14
Postgresql Postgresql	Version 8.4.15
Postgresql Postgresql	Version 8.4.1
Postgresql Postgresql	Version 8.4.2
Postgresql Postgresql	Version 8.4.3
Postgresql Postgresql	Version 8.4.4
Postgresql Postgresql	Version 8.4.5
Postgresql Postgresql	Version 8.4.6
Postgresql Postgresql	Version 8.4.7
Postgresql Postgresql	Version 8.4.8
Postgresql Postgresql	Version 8.4.9
Postgresql Postgresql	Version 8.4

Configuration C

12 vulnerable

Vulnerable Software	Affected Versions
Postgresql Postgresql	Version 9.0.10
Postgresql Postgresql	Version 9.0.11
Postgresql Postgresql	Version 9.0.1
Postgresql Postgresql	Version 9.0.2
Postgresql Postgresql	Version 9.0.3
Postgresql Postgresql	Version 9.0.4
Postgresql Postgresql	Version 9.0.5
Postgresql Postgresql	Version 9.0.6
Postgresql Postgresql	Version 9.0.7
Postgresql Postgresql	Version 9.0.8
Postgresql Postgresql	Version 9.0.9
Postgresql Postgresql	Version 9.0

Configuration D

8 vulnerable

Vulnerable Software	Affected Versions
Postgresql Postgresql	Version 9.1.1
Postgresql Postgresql	Version 9.1.2
Postgresql Postgresql	Version 9.1.3
Postgresql Postgresql	Version 9.1.4
Postgresql Postgresql	Version 9.1.5
Postgresql Postgresql	Version 9.1.6
Postgresql Postgresql	Version 9.1.7
Postgresql Postgresql	Version 9.1

Configuration E

3 platform

Running on/with	Platform Versions
Postgresql Postgresql	Version 9.2.1
Postgresql Postgresql	Version 9.2.2
Postgresql Postgresql	Version 9.2

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (42)

http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098586.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-updates/2013-02/msg00059.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-updates/2013-02/msg00060.html

Source: secalert@redhat.com

http://osvdb.org/89935

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2013-1475.html

Source: secalert@redhat.com

http://secunia.com/advisories/51923

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/52819

Source: secalert@redhat.com

http://securitytracker.com/id?1028092

Source: secalert@redhat.com

http://www.debian.org/security/2013/dsa-2630

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2013:142

Source: secalert@redhat.com

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Source: secalert@redhat.com

http://www.postgresql.org/docs/8.3/static/release-8-3-23.html

Source: secalert@redhat.com

http://www.postgresql.org/docs/8.4/static/release-8-4-16.html

Source: secalert@redhat.com

http://www.postgresql.org/docs/9.0/static/release-9-0-12.html

Source: secalert@redhat.com

http://www.postgresql.org/docs/9.1/static/release-9-1-8.html

Source: secalert@redhat.com

http://www.postgresql.org/docs/9.2/static/release-9-2-3.html

Source: secalert@redhat.com

http://www.securityfocus.com/bid/57844

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-1717-1

Source: secalert@redhat.com

https://blogs.oracle.com/sunsecurity/entry/cve_2013_0255_array_index

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=907892

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/81917

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098586.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2013-02/msg00059.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2013-02/msg00060.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/89935

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2013-1475.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/51923

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/52819

Source: af854a3a-2127-422b-91ae-364da2661108

http://securitytracker.com/id?1028092

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2013/dsa-2630

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2013:142

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.postgresql.org/docs/8.3/static/release-8-3-23.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.postgresql.org/docs/8.4/static/release-8-4-16.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.postgresql.org/docs/9.0/static/release-9-0-12.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.postgresql.org/docs/9.1/static/release-9-1-8.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.postgresql.org/docs/9.2/static/release-9-2-3.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/57844

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-1717-1

Source: af854a3a-2127-422b-91ae-364da2661108

https://blogs.oracle.com/sunsecurity/entry/cve_2013_0255_array_index

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=907892

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/81917

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.