CVE-2005-0247
Published: 2 May 2005
Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier may allow attackers to execute arbitrary code via (1) a large number of variables in a SQL statement being handled by the read_sql_construct function, (2) a large number of INTO variables in a SELECT statement being handled by the make_select_stmt function, (3) a large number of arbitrary variables in a SELECT statement being handled by the make_select_stmt function, and (4) a large number of INTO variables in a FETCH statement being handled by the make_fetch_stmt function, a different set of vulnerabilities than CVE-2005-0245.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
postgresql Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
|
| edgy |
Not vulnerable
|
|
| feisty |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
postgresql-7.4 Launchpad, Ubuntu, Debian |
dapper |
Released
(7.4.12-3)
|
| edgy |
Released
(7.4.12-3)
|
|
| feisty |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
postgresql-8.0 Launchpad, Ubuntu, Debian |
dapper |
Released
(8.0.7-2build1)
|
| edgy |
Does not exist
|
|
| feisty |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
postgresql-8.1 Launchpad, Ubuntu, Debian |
dapper |
Released
(8.1.9-0ubuntu0.6.06)
|
| edgy |
Released
(8.1.9-0ubuntu0.6.10)
|
|
| feisty |
Released
(8.1.8-1ubuntu3)
|
|
| upstream |
Needs triage
|
|
|
postgresql-8.2 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| edgy |
Does not exist
|
|
| feisty |
Released
(8.2.4-0ubuntu0.7.04)
|
|
| upstream |
Needs triage
|