Main Vulnerability Database Exploits ID:11708 - Exploit for Input validation error in PostgreSQL - CVE-2010-0442

ID:11708 - Exploit for Input validation error in PostgreSQL - CVE-2010-0442

Published: June 23, 2025

Vulnerability identifier: #VU111772

Vulnerability risk: Medium

CVE-ID: CVE-2010-0442

CWE-ID: CWE-20

Exploitation vector: Remote access

Vulnerable software:
PostgreSQL

Link to public exploit:

https://www.exploit-db.com/exploits/33571/

Vulnerability description

The vulnerability allows a remote user to read and manipulate data.

The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service (daemon crash) or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT statement that contains a call to the substring function for a bit string, related to an "overflow."

Remediation

Install update from vendor's website.

ID:11708 - Exploit for Input validation error in PostgreSQL - CVE-2010-0442

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human