CVE-2002-1397
PostgreSQL <= 7.2 - Denial of Service and Possible Remote Code Execution via cash_words() Function
Title source: llmDescription
Vulnerability in the cash_words() function for PostgreSQL 7.2 and earlier allows local users to cause a denial of service and possibly execute arbitrary code via a large negative argument, possibly triggering an integer signedness error or buffer overflow.
References (7)
Core 7
Core References
Vendor Advisory vendor-advisory
x_refsource_conectiva
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000524
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=102977465204357&w=2
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/8034
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/5497
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2003-001.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/9891
Various Sources x_refsource_misc
http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/backend/utils/adt/cash.c.diff?r1=1.51&r2=1.52
Scores
EPSS
0.0066
EPSS Percentile
71.4%
Details
Status
published
Products (8)
postgresql/postgresql
6.3.2
postgresql/postgresql
6.5.3
postgresql/postgresql
7.0.3
postgresql/postgresql
7.1
postgresql/postgresql
7.1.1
postgresql/postgresql
7.1.2
postgresql/postgresql
7.1.3
postgresql/postgresql
7.2
Published
Jan 17, 2003
Tracked Since
Feb 18, 2026