CVE-2009-0922
PostgreSQL 8.3.6 - Conversion Encoding Remote Denial of Service
Public Exploits: 4
Exploited in Wild: -
Decision: -
Descriptions
PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified encoding, as demonstrated using mismatched encoding conversion requests.
PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified encoding, as demonstrated using mismatched encoding conversion requests. This update provides a fix for this vulnerability.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2009-03-17 CVE Reserved
- 2009-03-17 CVE Published
- 2014-04-14 First Exploit
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-399: Resource Management Errors
CAPEC
References (26)
URL | Tag | Source |
---|---|---|
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=517405 | X_refsource_confirm | |
http://wiki.rpath.com/Advisories:rPSA-2009-0086 | X_refsource_confirm | |
http://www.openwall.com/lists/oss-security/2009/03/11/4 | Mailing List | |
http://www.securityfocus.com/archive/1/503598/100/0/threaded | Mailing List | |
http://www.securitytracker.com/id?1021860 | Vdb Entry | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10874 | Signature | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6252 | Signature | |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/32849 | 2014-04-14 | |
http://archives.postgresql.org//pgsql-bugs/2009-02/msg00176.php | 2024-08-07 | |
http://archives.postgresql.org/pgsql-bugs/2009-02/msg00172.php | 2024-08-07 | |
http://www.securityfocus.com/bid/34090 | 2024-08-07 | |
URL | Date | SRC |
---|---|---|
http://www.postgresql.org/about/news.1065 | 2018-10-10 | |
http://www.vupen.com/english/advisories/2009/0767 | 2018-10-10 | |
http://www.vupen.com/english/advisories/2009/1316 | 2018-10-10 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Postgresql | Postgresql | 7.4.24 | - | Affected |
Postgresql | Postgresql | 8.0.20 | - | Affected |
Postgresql | Postgresql | 8.1.16 | - | Affected |
Postgresql | Postgresql | 8.2.12 | - | Affected |
Postgresql | Postgresql | 8.3.6 | - | Affected |