Input validation error in PostgreSQL

Published: 2023-02-24 | Updated: 2025-06-23

Risk	Medium
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2010-0442
CWE-ID	CWE-20
Exploitation vector	Network
Public exploit	Public exploit code for vulnerability #1 is available.
Vulnerable software	PostgreSQL Server applications / Database software
Vendor	PostgreSQL Global Development Group

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Input validation error

EUVDB-ID: #VU111772

Risk: Medium

CVSSv4.0: 2.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2010-0442

CWE-ID: CWE-20 - Improper input validation

Exploit availability: Yes

Description

The vulnerability allows a remote user to read and manipulate data.

The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service (daemon crash) or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT statement that contains a call to the substring function for a bit string, related to an "overflow."

Mitigation

Install update from vendor's website.

Vulnerable software versions

PostgreSQL: 8.0.23

CPE2.3

cpe:2.3:a:postgresql_global_development_group:postgresql:8.0.23:*:*:*:*:*:*:*

External links

https://intevydis.blogspot.com/2010/01/postgresql-8023-bitsubstr-overflow.html
https://www.securityfocus.com/bid/37973
https://bugzilla.redhat.com/show_bug.cgi?id=559194
https://archives.postgresql.org/pgsql-hackers/2010-01/msg00634.php
https://bugzilla.redhat.com/show_bug.cgi?id=559259
https://securitytracker.com/id?1023510
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567058
https://archives.postgresql.org/pgsql-committers/2010-01/msg00125.php
https://www.openwall.com/lists/oss-security/2010/01/27/5
https://secunia.com/advisories/39566
https://www.vupen.com/english/advisories/2010/1022
https://ubuntu.com/usn/usn-933-1
https://www.redhat.com/support/errata/RHSA-2010-0429.html
https://www.redhat.com/support/errata/RHSA-2010-0427.html
https://www.redhat.com/support/errata/RHSA-2010-0428.html
https://www.vupen.com/english/advisories/2010/1207
https://www.mandriva.com/security/advisories?name=MDVSA-2010:103
https://www.vupen.com/english/advisories/2010/1197
https://secunia.com/advisories/39820
https://secunia.com/advisories/39939
https://www.debian.org/security/2010/dsa-2051
https://www.vupen.com/english/advisories/2010/1221
https://exchange.xforce.ibmcloud.com/vulnerabilities/55902
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9720
https://git.postgresql.org/gitweb?p=postgresql.git%3Ba=commit%3Bh=75dea10196c31d98d98c0bafeeb576ae99c09b12
https://git.postgresql.org/gitweb?p=postgresql.git%3Ba=commit%3Bh=b15087cb39ca9e4bde3c8920fcee3741045d2b83

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.