Main Vulnerability Database Vulnerabilities #VU111783

Input validation error in PostgreSQL - CVE-2007-0556

Published: October 16, 2018 / Updated: June 23, 2025

Vulnerability identifier: #VU111783

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2007-0556

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: PostgreSQL Global Development Group

Affected software:
PostgreSQL

Detailed vulnerability description

The vulnerability allows a remote user to read data or crash the application.

The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content via an "ALTER COLUMN TYPE" SQL statement, which can be leveraged to read arbitrary memory from the server.

How to mitigate CVE-2007-0556

Install update from vendor's website.

Input validation error in PostgreSQL - CVE-2007-0556

Detailed vulnerability description

How to mitigate CVE-2007-0556

Sources

Please verify you're human