CVE-2014-0064

2014-03-31 16:58:15 2017-12-16 03:29:01

Multiple integer overflows in the path_in and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, which trigger a buffer overflow. NOTE: this identifier has been SPLIT due to different affected versions; use CVE-2014-2669 for the hstore vector.

Vector

NETWORK

Complexity

LOW

Authentication

SINGLE_INSTANCE

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Postgresql - Postgresql

Advisory	Patch	Confirmed	Link
			http://www.postgresql.org/support/security/
			DSA-2865
			http://www.oracle.com/technetwork/security-advisory/cpuo...
			http://www.postgresql.org/about/news/1506/
			DSA-2864
			http://wiki.postgresql.org/wiki/20140220securityrelease
			61307
			http://support.apple.com/kb/HT6448
			RHSA-2014:0221
			RHSA-2014:0249
			RHSA-2014:0469
			RHSA-2014:0211
			openSUSE-SU-2014:0368
			openSUSE-SU-2014:0345
			http://kb.juniper.net/InfoCenter/index?page=content&id=J...
			APPLE-SA-2014-10-16-3
			65725
			USN-2120-1
			https://bugzilla.redhat.com/show_bug.cgi?id=1065230
			https://github.com/postgres/postgres/commit/31400a673325...
			https://support.apple.com/kb/HT6536

Numeric Errors (ID 189)

Related CVE(s) 1 CVE-2014-2669 CVSS 6.5