CVE-2005-0245

PostgreSQL < 7.3.10 - Heap-Based Buffer Overflow via Refcursor Function Arguments


Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-0245. PoCs published by ChoiX.

AI-analyzed exploit summary: This exploit targets a buffer overflow vulnerability in PostgreSQL <=8.0.1 by creating a malicious PL/pgSQL function with an excessive number of variables, leading to a denial-of-service (DoS) condition. The exploit requires authentication and the plpgsql language to be enabled.

Description

Buffer overflow in gram.y for PostgreSQL 8.0.0 and earlier may allow attackers to execute arbitrary code via a large number of arguments to a refcursor function (gram.y), which leads to a heap-based buffer overflow, a different vulnerability than CVE-2005-0247.

Exploits (1)

exploitdb · Working PoC · Verified
by ChoiX · cdoslinux
https://www.exploit-db.com/exploits/25076

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: PostgreSQL <=8.0.1
Auth required
Prerequisites: PostgreSQL with plpgsql language enabled · Valid database credentials
devstral-2 · analyzed Feb 16, 2026

References (13)

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/19188
Vendor Advisory mailing-list x_refsource_mlist
http://archives.postgresql.org/pgsql-committers/2005-02/msg00049.php
Broken Link vendor-advisory x_refsource_mandrake
http://www.mandriva.com/security/advisories?name=MDKSA-2005:040
Issue Tracking, Third Party Advisory mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110806034116082&w=2
Exploit, Vendor Advisory mailing-list x_refsource_mlist
http://archives.postgresql.org/pgsql-patches/2005-01/msg00216.php
Patch, Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2005-138.html
Exploit, Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/12948
Patch, Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2005-150.html
Vendor Advisory mailing-list x_refsource_mlist
http://archives.postgresql.org/pgsql-committers/2005-01/msg00298.php
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/12417
Exploit, Vendor Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2005/dsa-683
Broken Link vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2005_36_sudo.html

Scores

EPSS: 0.1447
EPSS Percentile: 96.2%

Details

Status: published
Products (2):
postgresql/postgresql 8.0
postgresql/postgresql 7.3 - 7.3.10
Published: Feb 01, 2005
Tracked Since: Feb 18, 2026