Vulnerability CVE-2007-4769


Published: 2008-01-09   Modified: 2012-02-12

Description:
The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number.

Type:

CWE-189

(Numeric Errors)

CVSS2 => (AV:N/AC:L/Au:S/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.9/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete
Affected software
Tcl tk -> Tcl tk 
Postgresql -> Postgresql 

 References:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html
http://security.gentoo.org/glsa/glsa-200801-15.xml
http://securitytracker.com/id?1019157
http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894
http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1
http://www.debian.org/security/2008/dsa-1460
http://www.debian.org/security/2008/dsa-1463
http://www.mandriva.com/security/advisories?name=MDVSA-2008:004
http://www.postgresql.org/about/news.905
http://www.redhat.com/support/errata/RHSA-2008-0038.html
http://www.redhat.com/support/errata/RHSA-2008-0040.html
http://www.securityfocus.com/archive/1/485864/100/0/threaded
http://www.securityfocus.com/archive/1/486407/100/0/threaded
http://www.securityfocus.com/bid/27163
http://www.vupen.com/english/advisories/2008/0061
http://www.vupen.com/english/advisories/2008/0109
http://www.vupen.com/english/advisories/2008/1071/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/39499
https://issues.rpath.com/browse/RPL-1768
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9804
https://usn.ubuntu.com/568-1/
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html

Copyright 2024, cxsecurity.com

 

Back to Top