CVE-2014-0066

PostgreSQL < 8.4.20, 9.0.x < 9.0.16, 9.1.x < 9.1.12, 9.2.x < 9.2.7, 9.3.x < 9.3.3 - DoS via chkpass

Title source: llm

Description

The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors.

References (16)

Core 16

Core References

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2014-0211.html

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2014-0221.html

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2014-0469.html

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2014-0249.html

Vendor Advisory x_refsource_confirm

http://support.apple.com/kb/HT6448

Vendor Advisory x_refsource_confirm

http://wiki.postgresql.org/wiki/20140220securityrelease

Vendor Advisory x_refsource_confirm

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Vendor Advisory x_refsource_confirm

http://www.postgresql.org/about/news/1506/

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-2120-1

Vendor Advisory x_refsource_confirm

https://support.apple.com/kb/HT6536

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-updates/2014-03/msg00038.html

Third Party Advisory vendor-advisory x_refsource_apple

http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2014/dsa-2864

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2014/dsa-2865

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-updates/2014-03/msg00018.html

Vendor Advisory x_refsource_confirm

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

Scores

EPSS 0.0147

EPSS Percentile 81.2%

Details

CWE

CWE-20

Status published

Products (50)

postgresql/postgresql 8.4.1

postgresql/postgresql 8.4.2

postgresql/postgresql 8.4.3

postgresql/postgresql 8.4.4

postgresql/postgresql 8.4.5

postgresql/postgresql 8.4.6

postgresql/postgresql 8.4.7

postgresql/postgresql 8.4.8

postgresql/postgresql 8.4.9

postgresql/postgresql 8.4.10

... and 40 more

Published Mar 31, 2014

Tracked Since Feb 18, 2026