CVE-2012-2655
Advisory lineage Upstream: 0 Downstream: 5
Modified
Published: 18 Jul 2012, 23:00
Last modified: 06 Aug 2024, 19:42
Vulnerability Summary
Overall Risk (default)
low
16/100
CVSS Score
4 MEDIUM
v2.0 (nvd)
EPSS Score
1.41% LOW
1% probability -0.02%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
18 Jul 2012, 23:00
Published
Vulnerability first disclosed
06 Aug 2024, 19:42
Last Modified
Vulnerability information updated
Description
PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0.8, and 9.1.x before 9.1.4 allows remote authenticated users to cause a denial of service (server crash) by adding the (1) SECURITY DEFINER or (2) SET attributes to a procedural language's call handler.
CVSS Metrics
- v2.0•MEDIUM•Score: 4•Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
EPSS Trends
Current EPSS score: 1.41%• Percentile: 81%
Techniques & Countermeasures
- CWE-399•Resource Management Errors
Weaknesses in this category are related to improper management of system resources.
Affected Systems
- postgresql•postgresql
8.3 | 8.3.1 | 8.3.2 | 8.3.3 | 8.3.4 | 8.3.5 | 8.3.6 | 8.3.7 | 8.3.8 | 8.3.9 | 8.3.10 | 8.3.11 | 8.3.12 | 8.3.13 | 8.3.14 | 8.3.15 | 8.3.16 | 8.3.17 | 8.3.18 | 8.4 | 8.4.1 | 8.4.2 | 8.4.3 | 8.4.4 | 8.4.5 | 8.4.6 | 8.4.7 | 8.4.8 | 8.4.9 | 8.4.10 | 8.4.11 | 9.0 | 9.0.1 | 9.0.2 | 9.0.3 | 9.0.4 | 9.0.5 | 9.0.6 | 9.0.7 | 9.1 | 9.1.1 | 9.1.2 | 9.1.3
References (11)
- http://www.postgresql.org/about/news/1398/
- http://secunia.com/advisories/50718
- http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082292.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082258.html
- http://www.debian.org/security/2012/dsa-2491
- http://rhn.redhat.com/errata/RHSA-2012-1037.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082294.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:092
- http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html
- http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html
- http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html