Input validation error in PostgreSQL - CVE-2005-1409
Published: May 3, 2005 / Updated: June 23, 2025
Vulnerability identifier: #VU111764
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2005-1409
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: PostgreSQL Global Development Group
Affected software:
PostgreSQL
PostgreSQL
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain character conversion functions, which allows unprivileged users to call those functions with malicious values, with unknown impact, aka the "Character conversion vulnerability."
How to mitigate CVE-2005-1409
Install update from vendor's website.
Sources
- http://archives.postgresql.org/pgsql-announce/2005-05/msg00001.php
- http://www.novell.com/linux/security/advisories/2005_36_sudo.html
- http://www.postgresql.org/about/news.315
- http://www.redhat.com/support/errata/RHSA-2005-433.html
- http://www.securityfocus.com/archive/1/426302/30/6680/threaded
- http://www.securityfocus.com/bid/13476
- http://www.vupen.com/english/advisories/2005/0453
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10050
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A676