// For flags

CVE-2007-4772

postgresql DoS via infinite loop in regex NFA optimization code

Severity Score

10.0
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.

El intérprete de expresiones regulares en TCL en versiones anteriores a 8.4.17, como se utiliza en PostgreSQL 8.2 en versiones anteriores a 8.2.6, 8.1 en versiones anteriores a 8.1.11, 8.0 en versiones anteriores a 8.0.15 y 7.4 en versiones anteriores a 7.4.19, permite a atacantes dependientes del contexto provocar una denegación de servicio (bucle infinito) a través de una expresión regular manipulada.

Index Functions Privilege Escalation: as a unique feature, PostgreSQL allows users to create indexes on the results of user-defined functions, known as expression indexes. This provided two vulnerabilities to privilege escalation: (1) index functions were executed as the superuser and not the table owner during VACUUM and ANALYZE, and (2) that SET ROLE and SET SESSION AUTHORIZATION were permitted within index functions. Regular Expression Denial-of-Service: three separate issues in the regular expression libraries used by PostgreSQL allowed malicious users to initiate a denial-of-service by passing certain regular expressions in SQL queries. First, users could create infinite loops using some specific regular expressions. Second, certain complex regular expressions could consume excessive amounts of memory. Third, out-of-range backref numbers could be used to crash the backend. DBLink Privilege Escalation: DBLink functions combined with local trust or ident authentication could be used by a malicious user to gain superuser privileges. This issue has been fixed, and does not affect users who have not installed DBLink (an optional module), or who are using password authentication for local access. This same problem was addressed in the previous release cycle , but that patch failed to close all forms of the loophole.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
None
Integrity
None
Availability
Partial
Attack Vector
Local
Attack Complexity
Medium
Authentication
Single
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-09-10 CVE Reserved
  • 2008-01-09 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-08-07 First Exploit
  • 2025-07-13 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-399: Resource Management Errors
  • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CAPEC
References (55)
URL Tag Source
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 Third Party Advisory
http://secunia.com/advisories/28359 Third Party Advisory
http://secunia.com/advisories/28376 Third Party Advisory
http://secunia.com/advisories/28437 Third Party Advisory
http://secunia.com/advisories/28438 Third Party Advisory
http://secunia.com/advisories/28454 Third Party Advisory
http://secunia.com/advisories/28455 Third Party Advisory
http://secunia.com/advisories/28464 Third Party Advisory
http://secunia.com/advisories/28477 Third Party Advisory
http://secunia.com/advisories/28479 Third Party Advisory
http://secunia.com/advisories/28679 Third Party Advisory
http://secunia.com/advisories/28698 Third Party Advisory
http://secunia.com/advisories/29070 Third Party Advisory
http://secunia.com/advisories/29248 Third Party Advisory
http://secunia.com/advisories/29638 Third Party Advisory
http://secunia.com/advisories/30535 Third Party Advisory
http://securitytracker.com/id?1019157 Third Party Advisory
http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894 Third Party Advisory
http://www.securityfocus.com/archive/1/485864/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/486407/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/493080/100/0/threaded Mailing List
http://www.vmware.com/security/advisories/VMSA-2008-0009.html Third Party Advisory
http://www.vupen.com/english/advisories/2008/0061 Third Party Advisory
http://www.vupen.com/english/advisories/2008/0109 Third Party Advisory
http://www.vupen.com/english/advisories/2008/1071/references Third Party Advisory
http://www.vupen.com/english/advisories/2008/1744 Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/39497 Third Party Advisory
https://issues.rpath.com/browse/RPL-1768 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11569 Signature
URL Date SRC
http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894 2024-08-07
URL Date SRC
http://www.securityfocus.com/bid/27163 2019-10-09
URL Date SRC
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 2019-10-09
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html 2019-10-09
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00049.html 2019-10-09
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00052.html 2019-10-09
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00054.html 2019-10-09
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00056.html 2019-10-09
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00016.html 2019-10-09
http://rhn.redhat.com/errata/RHSA-2013-0122.html 2019-10-09
http://security.gentoo.org/glsa/glsa-200801-15.xml 2019-10-09
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1 2019-10-09
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1 2019-10-09
http://www.debian.org/security/2008/dsa-1460 2019-10-09
http://www.debian.org/security/2008/dsa-1463 2019-10-09
http://www.mandriva.com/security/advisories?name=MDVSA-2008:004 2019-10-09
http://www.mandriva.com/security/advisories?name=MDVSA-2008:059 2019-10-09
http://www.postgresql.org/about/news.905 2019-10-09
http://www.redhat.com/support/errata/RHSA-2008-0038.html 2019-10-09
http://www.redhat.com/support/errata/RHSA-2008-0040.html 2019-10-09
http://www.redhat.com/support/errata/RHSA-2008-0134.html 2019-10-09
https://usn.ubuntu.com/568-1 2019-10-09
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html 2019-10-09
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html 2019-10-09
https://access.redhat.com/security/cve/CVE-2007-4772 2013-01-08
https://bugzilla.redhat.com/show_bug.cgi?id=316511 2013-01-08
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Postgresql
Search vendor "Postgresql"
 Postgresql
Search vendor "Postgresql" for product "Postgresql"
 >= 7.4 < 7.4.19
Search vendor "Postgresql" for product "Postgresql" and version " >= 7.4 < 7.4.19"
-
Affected
Postgresql
Search vendor "Postgresql"
 Postgresql
Search vendor "Postgresql" for product "Postgresql"
 >= 8.0 < 8.0.15
Search vendor "Postgresql" for product "Postgresql" and version " >= 8.0 < 8.0.15"
-
Affected
Postgresql
Search vendor "Postgresql"
 Postgresql
Search vendor "Postgresql" for product "Postgresql"
 >= 8.1 < 8.1.11
Search vendor "Postgresql" for product "Postgresql" and version " >= 8.1 < 8.1.11"
-
Affected
Postgresql
Search vendor "Postgresql"
 Postgresql
Search vendor "Postgresql" for product "Postgresql"
 >= 8.2 < 8.2.6
Search vendor "Postgresql" for product "Postgresql" and version " >= 8.2 < 8.2.6"
-
Affected
Tcl
Search vendor "Tcl"
 Tcl\/tk
Search vendor "Tcl" for product "Tcl\/tk"
 < 8.4.17
Search vendor "Tcl" for product "Tcl\/tk" and version " < 8.4.17"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 3.1
Search vendor "Debian" for product "Debian Linux" and version "3.1"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 6.06
Search vendor "Canonical" for product "Ubuntu Linux" and version "6.06"
lts
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 6.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "6.10"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 7.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "7.04"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 7.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "7.10"
-
Affected