Description
Multiple stack-based buffer overflows in the pgsqlQuery function in NullLogic Groupware 1.2.7, when PostgreSQL is used, might allow remote attackers to execute arbitrary code via input to the (1) POP3, (2) SMTP, or (3) web component that triggers a long SQL query.
References (3)
Core 3
Core References
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1817
Various Sources x_refsource_misc
http://www.nth-dimension.org.uk/utils/get.php?downloadsid=55
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/504737/100/0/threaded
Scores
EPSS
0.0393
EPSS Percentile
89.1%
Details
CWE
CWE-119
Status
published
Products (1)
dan_cahill/nulllogic_groupware
1.2.7
Published
Jul 07, 2009
Tracked Since
Feb 18, 2026