SB2023011948 - Input validation error in PostgreSQL
Published: January 19, 2023 Updated: June 23, 2025
Security Bulletin ID
SB2023011948
Severity
High
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2007-0555)
The vulnerability allows a remote user to read data or crash the application.
PostgreSQL 7.3 before 7.3.13, 7.4 before 7.4.16, 8.0 before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 allows attackers to disable certain checks for the data types of SQL function arguments, which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content.
Remediation
Install update from vendor's website.
References
- http://www.postgresql.org/support/security
- http://secunia.com/advisories/24033
- http://lists.rpath.com/pipermail/security-announce/2007-February/000141.html
- https://issues.rpath.com/browse/RPL-830
- https://issues.rpath.com/browse/RPL-1025
- http://support.avaya.com/elmodocs2/security/ASA-2007-117.htm
- http://www.debian.org/security/2007/dsa-1261
- http://fedoranews.org/cms/node/2554
- http://security.gentoo.org/glsa/glsa-200703-15.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:037
- http://www.redhat.com/support/errata/RHSA-2007-0064.html
- http://www.redhat.com/support/errata/RHSA-2007-0067.html
- http://www.redhat.com/support/errata/RHSA-2007-0068.html
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102825-1
- http://www.trustix.org/errata/2007/0007
- http://www.ubuntu.com/usn/usn-417-2
- http://www.securityfocus.com/bid/22387
- http://securitytracker.com/id?1017597
- http://secunia.com/advisories/24028
- http://secunia.com/advisories/24057
- http://secunia.com/advisories/24050
- http://secunia.com/advisories/24042
- http://secunia.com/advisories/24094
- http://secunia.com/advisories/24151
- http://secunia.com/advisories/24158
- http://secunia.com/advisories/24315
- http://secunia.com/advisories/24513
- http://secunia.com/advisories/24577
- http://www.novell.com/linux/security/advisories/2007_10_sr.html
- http://secunia.com/advisories/25220
- ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
- http://secunia.com/advisories/24284
- http://osvdb.org/33087
- http://www.vupen.com/english/advisories/2007/0478
- http://www.vupen.com/english/advisories/2007/0774
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32195
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9739
- https://usn.ubuntu.com/417-1/
- http://www.securityfocus.com/archive/1/459448/100/0/threaded
- http://www.securityfocus.com/archive/1/459280/100/0/threaded