Input validation error in PostgreSQL

Published: 2013-02-13 | Updated: 2020-07-28

Risk	Low
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2013-0255
CWE-ID	CWE-20
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	PostgreSQL Server applications / Database software
Vendor	PostgreSQL Global Development Group

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Input validation error

EUVDB-ID: #VU32715

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2013-0255

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote #AU# to perform a denial of service (DoS) attack.

PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, which causes it to be invoked with incorrect arguments and allows remote authenticated users to cause a denial of service (server crash) or read sensitive process memory via a crafted SQL command, which triggers an array index error and an out-of-bounds read.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PostgreSQL: 9.2.0 - 9.2.2

CPE2.3

cpe:2.3:a:postgresql_global_development_group:postgresql:9.2.2:*:*:*:*:*:*:*

External links

https://lists.fedoraproject.org/pipermail/package-announce/2013-February/098586.html
https://lists.opensuse.org/opensuse-updates/2013-02/msg00059.html
https://lists.opensuse.org/opensuse-updates/2013-02/msg00060.html
https://osvdb.org/89935
https://rhn.redhat.com/errata/RHSA-2013-1475.html
https://secunia.com/advisories/51923
https://secunia.com/advisories/52819
https://securitytracker.com/id?1028092
https://www.debian.org/security/2013/dsa-2630
https://www.mandriva.com/security/advisories?name=MDVSA-2013:142
https://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
https://www.postgresql.org/docs/8.3/static/release-8-3-23.html
https://www.postgresql.org/docs/8.4/static/release-8-4-16.html
https://www.postgresql.org/docs/9.0/static/release-9-0-12.html
https://www.postgresql.org/docs/9.1/static/release-9-1-8.html
https://www.postgresql.org/docs/9.2/static/release-9-2-3.html
https://www.securityfocus.com/bid/57844
https://www.ubuntu.com/usn/USN-1717-1
https://blogs.oracle.com/sunsecurity/entry/cve_2013_0255_array_index
https://bugzilla.redhat.com/show_bug.cgi?id=907892
https://exchange.xforce.ibmcloud.com/vulnerabilities/81917

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.