FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

postgresql -- bitsubstr overflow

Affected packages
7.4 <= postgresql-server < 7.4.28
8.0 <= postgresql-server < 8.0.24
8.1 <= postgresql-server < 8.1.20
8.2 <= postgresql-server < 8.2.16
8.3 <= postgresql-server < 8.3.10
8.4 <= postgresql-server < 8.4.3

Details

VuXML ID: e050119b-3856-11df-b2b2-002170daae37
Discovery: 2010-01-27
Entry: 2010-03-25

BugTraq reports:

PostgreSQL is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to execute arbitrary code with elevated privileges or crash the affected application.

References

Bugtraq ID: 37973
CVE Name: CVE-2010-0442