CVE-2002-1398

MEDIUM severity · CVSS 4.6

4.6CVSS MEDIUM

Summary

Buffer overflow in the date parser for PostgreSQL before 7.2.2 allows attackers to cause a denial of service and possibly execute arbitrary code via a long date string, aka a vulnerability "in handling long datetime input."

Impact & exploitability

Attack vectorLocal

Attack complexityLow

Privileges required—

User interaction—

Confidentiality impact—

Integrity impact—

Availability impact—

Exploit probability (EPSS)0%

AV:L/AC:L/Au:N/C:P/I:P/A:P

Affected products we track (1)

PostgreSQL

Recommendation

Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.

Additional information

NVD record
http://archives.postgresql.org/pgsql-announce/2002-08/msg00004.php
http://marc.info/?l=bugtraq&m=102978152712430&w=2
http://marc.info/?l=bugtraq&m=102996089613404&w=2
http://marc.info/?l=bugtraq&m=103021186622725&w=2
http://marc.info/?l=bugtraq&m=103036987114437&w=2
http://marc.info/?l=postgresql-announce&m=103062536330644
http://secunia.com/advisories/8034
http://www.debian.org/security/2002/dsa-165