CVE-2005-0247

Publication date 2 May 2005

Last updated 24 July 2024

Ubuntu priority

Unknown

Why this priority?

Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier may allow attackers to execute arbitrary code via (1) a large number of variables in a SQL statement being handled by the read_sql_construct function, (2) a large number of INTO variables in a SELECT statement being handled by the make_select_stmt function, (3) a large number of arbitrary variables in a SELECT statement being handled by the make_select_stmt function, and (4) a large number of INTO variables in a FETCH statement being handled by the make_fetch_stmt function, a different set of vulnerabilities than CVE-2005-0245.

Status

Package Ubuntu Release Status
postgresql 7.04 feisty Not in release
6.10 edgy
Not affected
6.06 LTS dapper
Not affected
postgresql-7.4 7.04 feisty Not in release
6.10 edgy
Fixed 7.4.12-3
6.06 LTS dapper
Fixed 7.4.12-3
postgresql-8.0 7.04 feisty Not in release
6.10 edgy Not in release
6.06 LTS dapper
Fixed 8.0.7-2build1
postgresql-8.1 7.04 feisty
Fixed 8.1.8-1ubuntu3
6.10 edgy
Fixed 8.1.9-0ubuntu0.6.10
6.06 LTS dapper
Fixed 8.1.9-0ubuntu0.6.06
postgresql-8.2 7.04 feisty
Fixed 8.2.4-0ubuntu0.7.04
6.10 edgy Not in release
6.06 LTS dapper Not in release

References

Related Ubuntu Security Notices (USN)

    • USN-79-1
    • PostgreSQL vulnerabilities
    • 11 February 2005

Other references