CVE-2007-4769

PostgreSQL 8.2-8.2.5, 8.1-8.1.10, 8.0-8.0.14, 7.4-7.4.18 - DoS via TCL Regex Parser

Title source: llm

Description

The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number.

References (38)

Core 38

Core References

Patch vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/27163

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2008:004

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2008/dsa-1460

Issue Tracking x_refsource_confirm

https://issues.rpath.com/browse/RPL-1768

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2008-0038.html

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28454

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/485864/100/0/threaded

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28359

Various Sources x_refsource_confirm

http://www.postgresql.org/about/news.905

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/0061

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28679

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/0109

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28376

Product x_refsource_confirm

http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894

Vendor Advisory vendor-advisory x_refsource_sunalert

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28437

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28455

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28477

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/29638

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28479

Product x_refsource_confirm

http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2008/dsa-1463

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2008-0040.html

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/486407/100/0/threaded

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28464

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28698

Vendor Advisory vendor-advisory x_refsource_hp

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154

Vendor Advisory vendor-advisory x_refsource_sunalert

http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1

Vendor Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/568-1/

Vendor Advisory vendor-advisory x_refsource_fedora

https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28438

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/39499

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1019157

Vendor Advisory vendor-advisory x_refsource_fedora

https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html

Third Party Advisory vendor-advisory x_refsource_gentoo

http://security.gentoo.org/glsa/glsa-200801-15.xml

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/1071/references

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9804

Scores

EPSS 0.0119

EPSS Percentile 79.1%

Details

CWE

CWE-189

Status published

Products (50)

postgresql/postgresql 7.3

postgresql/postgresql 7.3.1

postgresql/postgresql 7.3.2

postgresql/postgresql 7.3.3

postgresql/postgresql 7.3.4

postgresql/postgresql 7.3.6

postgresql/postgresql 7.3.8

postgresql/postgresql 7.3.9

postgresql/postgresql 7.3.10

postgresql/postgresql 7.3.11

... and 40 more

Published Jan 09, 2008

Tracked Since Feb 18, 2026