CVE-2014-2669

postgresql: multiple integer overflows in hstore_io.c

Severity Score

6.5

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple integer overflows in contrib/hstore/hstore_io.c in PostgreSQL 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact via vectors related to the (1) hstore_recv, (2) hstore_from_arrays, and (3) hstore_from_array functions in contrib/hstore/hstore_io.c; and the (4) hstoreArrayToPairs function in contrib/hstore/hstore_op.c, which triggers a buffer overflow. NOTE: this issue was SPLIT from CVE-2014-0064 because it has a different set of affected versions.

Múltiples desbordamientos de enteros en contrib/hstore/hstore_io.c en PostgreSQL 9.0.x anterior a 9.0.16, 9.1.x anterior a 9.1.12, 9.2.x anterior a 9.2.7 y 9.3.x anterior a 9.3.3 permiten a usuarios remotos autenticados tener impacto no especificado a través de vectores relacionados con las funciones (1) hstore_recv, (2) hstore_from_arrays y (3) hstore_from_array en contrib/hstore/hstore_io.c; y la función (4) hstoreArrayToPairs en contrib/hstore/hstore_op.c, lo que provoca un desbordamiento de buffer. NOTA: Este problema fue dividido (SPLIT) de CVE-2014-0064 porque tiene un conjunto diferente de versiones afectadas.

*Credits: N/A

CVSS Scores

NISTv2 6.5

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2014-03-28 CVE Reserved
2014-03-28 CVE Published
2023-11-08 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-189: Numeric Errors
CWE-190: Integer Overflow or Wraparound

CAPEC

References (10)

URL	Tag	Source
http://www.postgresql.org/support/security	X_refsource_confirm
https://github.com/postgres/postgres/commit/31400a673325147e1205326008e32135a78b4d8a	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://rhn.redhat.com/errata/RHSA-2014-0221.html	2017-12-16
http://rhn.redhat.com/errata/RHSA-2014-0469.html	2017-12-16
http://wiki.postgresql.org/wiki/20140220securityrelease	2017-12-16
http://www.debian.org/security/2014/dsa-2864	2017-12-16
http://www.debian.org/security/2014/dsa-2865	2017-12-16
http://www.postgresql.org/about/news/1506	2017-12-16
https://access.redhat.com/security/cve/CVE-2014-2669	2014-05-12
https://bugzilla.redhat.com/show_bug.cgi?id=1082154	2014-05-12

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.0 Search vendor "Postgresql" for product "Postgresql" and version "9.0"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.0.1 Search vendor "Postgresql" for product "Postgresql" and version "9.0.1"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.0.2 Search vendor "Postgresql" for product "Postgresql" and version "9.0.2"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.0.3 Search vendor "Postgresql" for product "Postgresql" and version "9.0.3"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.0.4 Search vendor "Postgresql" for product "Postgresql" and version "9.0.4"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.0.5 Search vendor "Postgresql" for product "Postgresql" and version "9.0.5"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.0.6 Search vendor "Postgresql" for product "Postgresql" and version "9.0.6"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.0.7 Search vendor "Postgresql" for product "Postgresql" and version "9.0.7"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.0.8 Search vendor "Postgresql" for product "Postgresql" and version "9.0.8"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.0.9 Search vendor "Postgresql" for product "Postgresql" and version "9.0.9"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.0.10 Search vendor "Postgresql" for product "Postgresql" and version "9.0.10"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.0.11 Search vendor "Postgresql" for product "Postgresql" and version "9.0.11"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.0.12 Search vendor "Postgresql" for product "Postgresql" and version "9.0.12"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.0.13 Search vendor "Postgresql" for product "Postgresql" and version "9.0.13"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.0.14 Search vendor "Postgresql" for product "Postgresql" and version "9.0.14"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.0.15 Search vendor "Postgresql" for product "Postgresql" and version "9.0.15"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.1 Search vendor "Postgresql" for product "Postgresql" and version "9.1"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.1.1 Search vendor "Postgresql" for product "Postgresql" and version "9.1.1"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.1.2 Search vendor "Postgresql" for product "Postgresql" and version "9.1.2"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.1.3 Search vendor "Postgresql" for product "Postgresql" and version "9.1.3"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.1.4 Search vendor "Postgresql" for product "Postgresql" and version "9.1.4"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.1.5 Search vendor "Postgresql" for product "Postgresql" and version "9.1.5"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.1.6 Search vendor "Postgresql" for product "Postgresql" and version "9.1.6"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.1.7 Search vendor "Postgresql" for product "Postgresql" and version "9.1.7"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.1.8 Search vendor "Postgresql" for product "Postgresql" and version "9.1.8"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.1.9 Search vendor "Postgresql" for product "Postgresql" and version "9.1.9"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.1.10 Search vendor "Postgresql" for product "Postgresql" and version "9.1.10"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.1.11 Search vendor "Postgresql" for product "Postgresql" and version "9.1.11"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.2 Search vendor "Postgresql" for product "Postgresql" and version "9.2"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.2.1 Search vendor "Postgresql" for product "Postgresql" and version "9.2.1"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.2.2 Search vendor "Postgresql" for product "Postgresql" and version "9.2.2"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.2.3 Search vendor "Postgresql" for product "Postgresql" and version "9.2.3"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.2.4 Search vendor "Postgresql" for product "Postgresql" and version "9.2.4"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.2.5 Search vendor "Postgresql" for product "Postgresql" and version "9.2.5"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.3 Search vendor "Postgresql" for product "Postgresql" and version "9.3"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.3.1 Search vendor "Postgresql" for product "Postgresql" and version "9.3.1"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				9.3.2 Search vendor "Postgresql" for product "Postgresql" and version "9.3.2"		-		Affected