CVE-2014-0063

Published: Mar 31, 2014Modified: May 6, 2026

6.5

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability: 8.0 / Impact: 6.4

Source: NVD

Description

Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via vectors related to an incorrect MAXDATELEN constant and datetime values involving (1) intervals, (2) timestamps, or (3) timezones, a different vulnerability than CVE-2014-0065.

Affected (57)

Products: Postgresql: Postgresql

1 product

Configuration A

57 vulnerable

Vulnerable Software	Affected Versions
Postgresql Postgresql	Up to 8.4.19
Postgresql Postgresql	Version 8.4.10
Postgresql Postgresql	Version 8.4.11
Postgresql Postgresql	Version 8.4.12
Postgresql Postgresql	Version 8.4.13
Postgresql Postgresql	Version 8.4.14
Postgresql Postgresql	Version 8.4.15
Postgresql Postgresql	Version 8.4.16
Postgresql Postgresql	Version 8.4.17
Postgresql Postgresql	Version 8.4.18
Postgresql Postgresql	Version 8.4.1
Postgresql Postgresql	Version 8.4.2
Postgresql Postgresql	Version 8.4.3
Postgresql Postgresql	Version 8.4.4
Postgresql Postgresql	Version 8.4.5
Postgresql Postgresql	Version 8.4.6
Postgresql Postgresql	Version 8.4.7
Postgresql Postgresql	Version 8.4.8
Postgresql Postgresql	Version 8.4.9
Postgresql Postgresql	Version 9.0.10
Postgresql Postgresql	Version 9.0.11
Postgresql Postgresql	Version 9.0.12
Postgresql Postgresql	Version 9.0.13
Postgresql Postgresql	Version 9.0.14
Postgresql Postgresql	Version 9.0.15
Postgresql Postgresql	Version 9.0.1
Postgresql Postgresql	Version 9.0.2
Postgresql Postgresql	Version 9.0.3
Postgresql Postgresql	Version 9.0.4
Postgresql Postgresql	Version 9.0.5
Postgresql Postgresql	Version 9.0.6
Postgresql Postgresql	Version 9.0.7
Postgresql Postgresql	Version 9.0.8
Postgresql Postgresql	Version 9.0.9
Postgresql Postgresql	Version 9.0
Postgresql Postgresql	Version 9.1.10
Postgresql Postgresql	Version 9.1.11
Postgresql Postgresql	Version 9.1.1
Postgresql Postgresql	Version 9.1.2
Postgresql Postgresql	Version 9.1.3
Postgresql Postgresql	Version 9.1.4
Postgresql Postgresql	Version 9.1.5
Postgresql Postgresql	Version 9.1.6
Postgresql Postgresql	Version 9.1.7
Postgresql Postgresql	Version 9.1.8
Postgresql Postgresql	Version 9.1.9
Postgresql Postgresql	Version 9.1
Postgresql Postgresql	Version 9.2.1
Postgresql Postgresql	Version 9.2.2
Postgresql Postgresql	Version 9.2.3
Postgresql Postgresql	Version 9.2.4
Postgresql Postgresql	Version 9.2.5
Postgresql Postgresql	Version 9.2.6
Postgresql Postgresql	Version 9.2
Postgresql Postgresql	Version 9.3.1
Postgresql Postgresql	Version 9.3.2
Postgresql Postgresql	Version 9.3

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (42)

http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html

Source: secalert@redhat.com

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-updates/2014-03/msg00018.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-updates/2014-03/msg00038.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2014-0211.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2014-0221.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2014-0249.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2014-0469.html

Source: secalert@redhat.com

http://secunia.com/advisories/61307

Source: secalert@redhat.com

http://support.apple.com/kb/HT6448

Source: secalert@redhat.com

http://wiki.postgresql.org/wiki/20140220securityrelease

Source: secalert@redhat.com

Vendor Advisory

http://www.debian.org/security/2014/dsa-2864

Source: secalert@redhat.com

http://www.debian.org/security/2014/dsa-2865

Source: secalert@redhat.com

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Source: secalert@redhat.com

http://www.postgresql.org/about/news/1506/

Source: secalert@redhat.com

Vendor Advisory

http://www.postgresql.org/support/security/

Source: secalert@redhat.com

http://www.securityfocus.com/bid/65719

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-2120-1

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1065226

Source: secalert@redhat.com

https://github.com/postgres/postgres/commit/4318daecc959886d001a6e79c6ea853e8b1dfb4b

Source: secalert@redhat.com

https://support.apple.com/kb/HT6536

Source: secalert@redhat.com

http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2014-03/msg00018.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2014-03/msg00038.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2014-0211.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2014-0221.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2014-0249.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2014-0469.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/61307

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT6448

Source: af854a3a-2127-422b-91ae-364da2661108

http://wiki.postgresql.org/wiki/20140220securityrelease

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.debian.org/security/2014/dsa-2864

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2014/dsa-2865

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.postgresql.org/about/news/1506/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.postgresql.org/support/security/

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/65719

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-2120-1

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=1065226

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/postgres/postgres/commit/4318daecc959886d001a6e79c6ea853e8b1dfb4b

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.apple.com/kb/HT6536

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.