CVE-2009-0922
Published: 17 March 2009
PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified encoding, as demonstrated using mismatched encoding conversion requests.
Notes
Author | Note |
---|---|
mdeslaur | the denial of service is only temporary, so impact isn't great. (should this be changed to "low priority"?) upstream patch replaces core dump due to stack overflow with core dump due to abort(), so doesn't fix temporary DoS see http://archives.postgresql.org//pgsql-bugs/2009-02/msg00190.php |
Priority
Status
Package | Release | Status |
---|---|---|
postgresql-7.4 | dapper | Ignored (end of life) |
postgresql-7.4 | gutsy | Does not exist |
postgresql-7.4 | hardy | Does not exist |
postgresql-7.4 | intrepid | Does not exist |
postgresql-7.4 | jaunty | Does not exist |
postgresql-7.4 | karmic | Does not exist |
postgresql-7.4 | lucid | Does not exist |
postgresql-7.4 | maverick | Does not exist |
postgresql-7.4 | natty | Does not exist |
postgresql-7.4 | oneiric | Does not exist |
postgresql-7.4 | upstream | Needs triage |
postgresql-8.0 | dapper | Ignored (end of life) |
postgresql-8.0 | gutsy | Does not exist |
postgresql-8.0 | hardy | Does not exist |
postgresql-8.0 | intrepid | Does not exist |
postgresql-8.0 | jaunty | Does not exist |
postgresql-8.0 | karmic | Does not exist |
postgresql-8.0 | lucid | Does not exist |
postgresql-8.0 | maverick | Does not exist |
postgresql-8.0 | natty | Does not exist |
postgresql-8.0 | oneiric | Does not exist |
postgresql-8.0 | upstream | Released (8.0.21) |
postgresql-8.1 | dapper | Released (8.1.17-0ubuntu0.6.06.1) |
postgresql-8.1 | gutsy | Ignored (end of life, was needs-triage) |
postgresql-8.1 | hardy | Does not exist |
postgresql-8.1 | intrepid | Does not exist |
postgresql-8.1 | jaunty | Does not exist |
postgresql-8.1 | karmic | Does not exist |
postgresql-8.1 | lucid | Does not exist |
postgresql-8.1 | maverick | Does not exist |
postgresql-8.1 | natty | Does not exist |
postgresql-8.1 | oneiric | Does not exist |
postgresql-8.1 | upstream | Released (8.1.17) |
postgresql-8.2 | dapper | Does not exist |
postgresql-8.2 | gutsy | Ignored (end of life, was needs-triage) |
postgresql-8.2 | hardy | Ignored (end of life) |
postgresql-8.2 | intrepid | Does not exist |
postgresql-8.2 | jaunty | Does not exist |
postgresql-8.2 | karmic | Does not exist |
postgresql-8.2 | lucid | Does not exist |
postgresql-8.2 | maverick | Does not exist |
postgresql-8.2 | natty | Does not exist |
postgresql-8.2 | oneiric | Does not exist |
postgresql-8.2 | upstream | Released (8.2.13) |
postgresql-8.3 | dapper | Does not exist |
postgresql-8.3 | gutsy | Does not exist |
postgresql-8.3 | hardy | Released (8.3.7-0ubuntu8.04.1) |
postgresql-8.3 | intrepid | Released (8.3.7-0ubuntu8.10.1) |
postgresql-8.3 | jaunty | Not vulnerable (8.3.7-1) |
postgresql-8.3 | karmic | Not vulnerable (8.3.7-1) |
postgresql-8.3 | lucid | Does not exist |
postgresql-8.3 | maverick | Does not exist |
postgresql-8.3 | natty | Does not exist |
postgresql-8.3 | oneiric | Does not exist |
postgresql-8.3 | upstream | Released (8.3.7) |