Upstream information
Description
Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier may allow attackers to execute arbitrary code via (1) a large number of variables in a SQL statement being handled by the read_sql_construct function, (2) a large number of INTO variables in a SELECT statement being handled by the make_select_stmt function, (3) a large number of arbitrary variables in a SELECT statement being handled by the make_select_stmt function, and (4) a large number of INTO variables in a FETCH statement being handled by the make_fetch_stmt function, a different set of vulnerabilities than CVE-2005-0245.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
| CVSS detail | National Vulnerability Database |
|---|---|
| Base Score | 6.5 |
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | Single |
| Confidentiality Impact | Partial |
| Integrity Impact | Partial |
| Availability Impact | Partial |
SUSE Security Advisories:
- SUSE-SA:2005:027, published Wed, 20 Apr 2005 09:00:00 +0000
- SUSE-SA:2005:036, published Fri, 24 Jun 2005 12:01:00
- SUSE-SR:2005:005, published Friday, Feb 18th 2005 18:00 MEST
- SUSE-SR:2005:006, published Fri, 25 Feb 2005 15:00:00 +0000
- SUSE-SR:2005:007, published Fri, 04 Mar 2005 16:00:00 +0000
SUSE Timeline for this CVE
CVE page created: Fri Jun 28 00:58:43 2013CVE page last modified: Mon Oct 6 18:14:38 2025