CVE-2009-0922

PostgreSQL < 8.3.7 DoS via Localized Error Message Encoding

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-0922. PoCs published by Afonin Denis.

AI-analyzed exploit summary: This exploit demonstrates a denial-of-service vulnerability in PostgreSQL by creating malicious default conversions that disrupt client encoding, causing the server to terminate connections.

Description

PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified encoding, as demonstrated using mismatched encoding conversion requests.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Afonin Denis · text · dos · linux
https://www.exploit-db.com/exploits/32849


Classification: Working PoC 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: PostgreSQL (versions affected by CVE-2009-0922)
Auth required
Prerequisites: Access to a PostgreSQL server with sufficient privileges to create conversions
devstral-2 · analyzed Feb 16, 2026

References (24)

Core References
Patch, Vendor Advisory x_refsource_confirm
http://www.postgresql.org/about/news.1065
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1021860
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-1067.html
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/34090
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10874
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=134124585221119&w=2
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2009/03/11/4
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-66-258808-1
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34453
Patch, Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/0767
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/503598/100/0/threaded
Issue Tracking x_refsource_confirm
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=517405
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:079
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35100
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=488156
Third Party Advisory x_refsource_confirm
http://wiki.rpath.com/Advisories:rPSA-2009-0086
Patch, Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1316
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6252
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020455.1-1

Scores

EPSS 0.0910
EPSS Percentile 92.8%

Details

CWE: CWE-399
Status: published
Products (5)
postgresql/postgresql 7.4.24
postgresql/postgresql 8.0.20
postgresql/postgresql 8.1.16
postgresql/postgresql 8.2.12
postgresql/postgresql 8.3.6
Published: Mar 17, 2009
Tracked Since: Feb 18, 2026