PostgreSQL - 'bitsubstr' Buffer Overflow
| EKU-ID: 38395 | CVE: CVE-2010-0442;OSVDB-62129 | OSVDB-ID: |
| Author: Intevydis | Published: 2010-01-27 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 38395 | CVE: CVE-2010-0442;OSVDB-62129 | OSVDB-ID: |
| Author: Intevydis | Published: 2010-01-27 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/37973/info PostgreSQL is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to execute arbitrary code with elevated privileges or crash the affected application. PostgreSQL 8.0.23 is vulnerable; other versions may also be affected. testdb=# select substring(B'101010101010101010101010101010101010 10101010101',33,-15);