QwikSec

Security Database

CVE

CWE

Training

CVE-2005-0247

Published: Feb 8, 2005

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier may allow attackers to execute arbitrary code via (1) a large number of variables in a SQL statement being handled by the read_sql_construct function, (2) a large number of INTO variables in a SELECT statement being handled by the make_select_stmt function, (3) a large number of arbitrary variables in a SELECT statement being handled by the make_select_stmt function, and (4) a large number of INTO variables in a FETCH statement being handled by the make_fetch_stmt function, a different set of vulnerabilities than CVE-2005-0245.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[pgsql-committers] 20050207 pgsql: Prevent 4 more buffer overruns in the PL/PgSQL parser.

mailing-list

x_refsource_MLIST

postgresql-makeselectstmt-arbitrary-bo(19377)

vdb-entry

x_refsource_XF

vendor-advisory

x_refsource_GENTOO

vendor-advisory

x_refsource_MANDRAKE

20050210 [USN-79-1] PostgreSQL vulnerabilities

mailing-list

x_refsource_BUGTRAQ

SUSE-SA:2005:027

vendor-advisory

x_refsource_SUSE

postgresql-readsqlconstruct-bo(19375)

vdb-entry

x_refsource_XF

vendor-advisory

x_refsource_REDHAT

postgresql-makeselectstmt-input-bo(19376)

vdb-entry

x_refsource_XF

vendor-advisory

x_refsource_REDHAT

postgresql-fetch-makefetchstmt-bo(19378)

vdb-entry

x_refsource_XF

oval:org.mitre.oval:def:9345

vdb-entry

signature

x_refsource_OVAL

vdb-entry

x_refsource_BID

vendor-advisory

x_refsource_DEBIAN

SUSE-SA:2005:036

vendor-advisory

x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.