CVE-2006-5540
MEDIUM severity · CVSS 4
Summary
backend/parser/analyze.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) via certain aggregate functions in an UPDATE statement, which are not properly handled during a "MIN/MAX index optimization."
Impact & exploitability
Attack vector: Network
Attack complexity: Low
Privileges required: —
User interaction: —
Confidentiality impact: None
Integrity impact: None
Availability impact: —
Exploit probability (EPSS): 2%
CVSS vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Affected products we track (1)
Recommendation
Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.
Official patch: http://secunia.com/advisories/22562
Additional information
- NVD record
- http://secunia.com/advisories/22562 (Patch)
- http://secunia.com/advisories/22584 (Patch)
- ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
- http://projects.commandprompt.com/public/pgsql/changeset/25504
- http://secunia.com/advisories/22606
- http://secunia.com/advisories/22636
- http://secunia.com/advisories/23048
- http://secunia.com/advisories/23132