Multiple integer overflows in contrib/hstore/hstore_io.c in PostgreSQL 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact via vectors related to the (1) hstore_recv, (2) hstore_from_arrays, and (3) hstore_from_array functions in contrib/hstore/hstore_io.c; and the (4) hstoreArrayToPairs function in contrib/hstore/hstore_op.c, which triggers a buffer overflow. NOTE: this issue was SPLIT from CVE-2014-0064 because it has a different set of affected versions.
Vector
NETWORK
Complexity
LOW
Authentication
SINGLE_INSTANCE
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
PARTIAL
PostgreSQL PostgreSQL 9.1.11
PostgreSQL PostgreSQL 9.1.10
PostgreSQL PostgreSQL 9.1.9
PostgreSQL 9.1.8
PostgreSQL 9.1.7
PostgreSQL 9.1.6
PostgreSQL 9.1.5
PostgreSQL 9.1.4
PostgreSQL 9.1.3
PostgreSQL 9.1.2
PostgreSQL 9.1.1
PostgreSQL 9.1
PostgreSQL PostgreSQL 9.0.15
PostgreSQL PostgreSQL 9.0.14
PostgreSQL PostgreSQL 9.0.13
PostgreSQL 9.0.12
PostgreSQL 9.0.11
PostgreSQL 9.0.10
PostgreSQL 9.0.9
PostgreSQL 9.0.8
PostgreSQL 9.0.7
PostgreSQL 9.0.6
PostgreSQL 9.0.5
PostgreSQL 9.0.4
PostgreSQL 9.0.3
PostgreSQL 9.0.2
PostgreSQL 9.0.1
PostgreSQL 9.0
PostgreSQL 9.2
PostgreSQL 9.2.1
PostgreSQL 9.2.2
PostgreSQL PostgreSQL 9.2.3
PostgreSQL PostgreSQL 9.2.4
PostgreSQL PostgreSQL 9.2.5
PostgreSQL PostgreSQL 9.3
PostgreSQL PostgreSQL 9.3.1
PostgreSQL PostgreSQL 9.3.2