Your submission was sent successfully! Close

CVE-2010-0733

Published: 19 March 2010

Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL 8.4.1 and earlier, and 8.5 through 8.5alpha2, allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with many LEFT JOIN clauses, related to certain hashtable size calculations.

Priority

Medium

Status

Package Release Status
postgresql-7.4
Launchpad, Ubuntu, Debian
Upstream Needs triage

postgresql-8.0
Launchpad, Ubuntu, Debian
Upstream Needs triage

postgresql-8.1
Launchpad, Ubuntu, Debian
Upstream
Released (8.1.19)
postgresql-8.2
Launchpad, Ubuntu, Debian
Upstream
Released (8.2.15)
postgresql-8.3
Launchpad, Ubuntu, Debian
Upstream
Released (8.3.9)
postgresql-8.4
Launchpad, Ubuntu, Debian
Upstream
Released (8.4.2)
Patches:
Upstream: http://git.postgresql.org/gitweb?p=postgresql.git;a=commitdiff;h=64b057e6823655fb6c5d1f24a28f236b94dd6c54