SB2023011948 - Input validation error in PostgreSQL
Published: January 19, 2023
Updated: June 23, 2025
Description
This security bulletin contains information about 1 vulnerability.
1) Input validation error (CVE-ID: CVE-2007-0555)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote user to read data or crash the application.
PostgreSQL 7.3 before 7.3.13, 7.4 before 7.4.16, 8.0 before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 allows attackers to disable certain checks for the data types of SQL function arguments, which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content.
Remediation
Install the update from the vendor's website.
References
- http://www.postgresql.org/support/security
- http://secunia.com/advisories/24033
- http://lists.rpath.com/pipermail/security-announce/2007-February/000141.html
- https://issues.rpath.com/browse/RPL-830
- https://issues.rpath.com/browse/RPL-1025
- http://support.avaya.com/elmodocs2/security/ASA-2007-117.htm
- http://www.debian.org/security/2007/dsa-1261
- http://fedoranews.org/cms/node/2554
- http://security.gentoo.org/glsa/glsa-200703-15.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:037
- http://www.redhat.com/support/errata/RHSA-2007-0064.html
- http://www.redhat.com/support/errata/RHSA-2007-0067.html
- http://www.redhat.com/support/errata/RHSA-2007-0068.html
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102825-1
- http://www.trustix.org/errata/2007/0007
- http://www.ubuntu.com/usn/usn-417-2
- http://www.securityfocus.com/bid/22387
- http://securitytracker.com/id?1017597
- http://secunia.com/advisories/24028
- http://secunia.com/advisories/24057
- http://secunia.com/advisories/24050
- http://secunia.com/advisories/24042
- http://secunia.com/advisories/24094
- http://secunia.com/advisories/24151
- http://secunia.com/advisories/24158
- http://secunia.com/advisories/24315
- http://secunia.com/advisories/24513
- http://secunia.com/advisories/24577
- http://www.novell.com/linux/security/advisories/2007_10_sr.html
- http://secunia.com/advisories/25220
- ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
- http://secunia.com/advisories/24284
- http://osvdb.org/33087
- http://www.vupen.com/english/advisories/2007/0478
- http://www.vupen.com/english/advisories/2007/0774
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32195
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9739
- https://usn.ubuntu.com/417-1/
- http://www.securityfocus.com/archive/1/459448/100/0/threaded
- http://www.securityfocus.com/archive/1/459280/100/0/threaded