CVE-2002-1401

MEDIUM severity · CVSS 6.5 · Memory corruption

6.5CVSS MEDIUM

Summary

Buffer overflows in (1) circle_poly, (2) path_encode and (3) path_add (also incorrectly identified as path_addr) for PostgreSQL 7.2.3 and earlier allow attackers to cause a denial of service and possibly execute arbitrary code, possibly as a result of an integer overflow.

Impact & exploitability

Attack vectorNetwork

Attack complexityLow

Privileges required—

User interaction—

Confidentiality impact—

Integrity impact—

Availability impact—

Exploit probability (EPSS)1%

AV:N/AC:L/Au:S/C:P/I:P/A:P

Affected products we track (1)

PostgreSQL

Recommendation

Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.

Official patch: http://www.debian.org/security/2002/dsa-165 ↗

Additional information

NVD record
http://www.debian.org/security/2002/dsa-165Patch
http://archives.postgresql.org/pgsql-hackers/2002-08/msg02047.phpAdvisory
http://archives.postgresql.org/pgsql-hackers/2002-08/msg02047.phpAdvisory
http://archives.postgresql.org/pgsql-hackers/2002-08/msg02081.php
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000524
http://secunia.com/advisories/8034
http://www.redhat.com/support/errata/RHSA-2003-001.html
http://archives.postgresql.org/pgsql-hackers/2002-08/msg02081.php