CVE-2010-0733

Priority
Medium
Description
Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL 8.4.1 and
earlier, and 8.5 through 8.5alpha2, allows remote authenticated users to
cause a denial of service (daemon crash) via a SELECT statement with many
LEFT JOIN clauses, related to certain hashtable size calculations.
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0733
http://archives.postgresql.org/pgsql-bugs/2009-10/msg00277.php
Bugs
https://bugzilla.redhat.com/show_bug.cgi?id=546621
http://archives.postgresql.org/pgsql-bugs/2009-10/msg00277.php
Package
Source: postgresql-8.4 (LP Ubuntu Debian)
Upstream:released (8.4.2)
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):released (8.4.3-1)
Ubuntu 11.04 (Natty Narwhal):released (8.4.3-1)
Ubuntu 11.10 (Oneiric Ocelot):released (8.4.3-1)
Ubuntu 12.04 LTS (Precise Pangolin):released (8.4.3-1)
Patches:
Upstream:http://git.postgresql.org/gitweb?p=postgresql.git;a=commitdiff;h=64b057e6823655fb6c5d1f24a28f236b94dd6c54
Package
Source: postgresql-7.4 (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 11.04 (Natty Narwhal):DNE
Ubuntu 11.10 (Oneiric Ocelot):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Package
Source: postgresql-8.1 (LP Ubuntu Debian)
Upstream:released (8.1.19)
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 11.04 (Natty Narwhal):DNE
Ubuntu 11.10 (Oneiric Ocelot):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Package
Source: postgresql-8.0 (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 11.04 (Natty Narwhal):DNE
Ubuntu 11.10 (Oneiric Ocelot):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Package
Source: postgresql-8.3 (LP Ubuntu Debian)
Upstream:released (8.3.9)
Ubuntu 8.04 LTS (Hardy Heron):released (8.3.9-0ubuntu8.04)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 11.04 (Natty Narwhal):DNE
Ubuntu 11.10 (Oneiric Ocelot):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Package
Source: postgresql-8.2 (LP Ubuntu Debian)
Upstream:released (8.2.15)
Ubuntu 8.04 LTS (Hardy Heron):ignored (reached end-of-life)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 11.04 (Natty Narwhal):DNE
Ubuntu 11.10 (Oneiric Ocelot):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
More Information

Valid XHTML 1.0 Strict

Updated: 2012-06-01 15:20:44 UTC (commit 5347)