CVE-2007-4769

Description

The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number.

CVSS Metrics

• v2.0•MEDIUM•Score: 6.8AV:N/AC:L/Au:S/C:N/I:N/A:C

EPSS Trends

Current EPSS score: 1.19%• Percentile: 79%

Techniques & Countermeasures

• CWE-189•Numeric Errors

  Weaknesses in this category are related to improper calculation or conversion of numbers.

Affected Systems

• postgresql•postgresql

  7.3 | 7.3.1 | 7.3.2 | 7.3.3 | 7.3.4 | 7.3.6 | 7.3.8 | 7.3.9 | 7.3.10 | 7.3.11 | 7.3.12 | 7.3.13 | 7.3.14 | 7.3.15 | 7.3.16 | 7.3.19 | 7.4 | 7.4.1 | 7.4.2 | 7.4.3 | 7.4.4 | 7.4.5 | 7.4.6 | 7.4.7 | 7.4.8 | 7.4.9 | 7.4.10 | 7.4.11 | 7.4.12 | 7.4.13 | 7.4.14 | 7.4.16 | 7.4.17 | 8.0 | 8.0.1 | 8.0.2 | 8.0.3 | 8.0.4 | 8.0.5 | 8.0.7 | 8.0.8 | 8.0.9 | 8.0.11 | 8.0.13 | 8.0.317 | 8.1.1 | 8.1.3 | 8.1.4 | 8.1.5 | 8.1.7 | 8.1.8 | 8.1.9 | 8.2 | 8.2.2 | 8.2.3 | 8.2.4

• tcl_tk•tcl_tk

  ≤ 8.4.16

References (38)

• http://www.mandriva.com/security/advisories?name=MDVSA-2008:004
• http://www.debian.org/security/2008/dsa-1460
• http://www.securityfocus.com/bid/27163
• https://issues.rpath.com/browse/RPL-1768
• http://www.redhat.com/support/errata/RHSA-2008-0038.html
• http://secunia.com/advisories/28454
• http://www.securityfocus.com/archive/1/485864/100/0/threaded
• http://secunia.com/advisories/28359
• http://www.postgresql.org/about/news.905
• http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html
• http://www.vupen.com/english/advisories/2008/0061
• http://secunia.com/advisories/28679
• http://www.vupen.com/english/advisories/2008/0109
• http://secunia.com/advisories/28376
• http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1
• http://secunia.com/advisories/28437
• http://secunia.com/advisories/28455
• http://secunia.com/advisories/28477
• http://secunia.com/advisories/29638
• http://secunia.com/advisories/28479
• http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894
• http://www.debian.org/security/2008/dsa-1463
• http://www.redhat.com/support/errata/RHSA-2008-0040.html
• http://www.securityfocus.com/archive/1/486407/100/0/threaded
• http://secunia.com/advisories/28464
• http://secunia.com/advisories/28698
• http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
• http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1
• https://usn.ubuntu.com/568-1/
• https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html
• http://secunia.com/advisories/28438
• https://exchange.xforce.ibmcloud.com/vulnerabilities/39499
• http://securitytracker.com/id?1019157
• https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html
• http://security.gentoo.org/glsa/glsa-200801-15.xml
• http://www.vupen.com/english/advisories/2008/1071/references
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9804