CVE-2014-2669

Priority
Description
Multiple integer overflows in contrib/hstore/hstore_io.c in PostgreSQL
9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x
before 9.3.3 allow remote authenticated users to have unspecified impact
via vectors related to the (1) hstore_recv, (2) hstore_from_arrays, and (3)
hstore_from_array functions in contrib/hstore/hstore_io.c; and the (4)
hstoreArrayToPairs function in contrib/hstore/hstore_op.c, which triggers a
buffer overflow. NOTE: this issue was SPLIT from CVE-2014-0064 because it
has a different set of affected versions.
Notes
Package
Upstream:released (8.4.20)
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Package
Upstream:released (9.1.12)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was released [9.1.12-1])
Package
Upstream:released (9.3.3-1)
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (9.3.3-1bzr2)
More Information

Updated: 2020-09-10 02:58:50 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)