Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 308063 (CVE-2010-0442) - dev-db/postgresql-server: DOS (CVE-2010-0442)
Summary: dev-db/postgresql-server: DOS (CVE-2010-0442)
Alias: CVE-2010-0442
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
Whiteboard: B4 [glsa]
Depends on: CVE-2010-1169
  Show dependency tree
Reported: 2010-03-06 15:51 UTC by Stefan Behte (RETIRED)
Modified: 2011-10-25 07:51 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Behte (RETIRED) gentoo-dev Security 2010-03-06 15:51:47 UTC
CVE-2010-0442 (
  The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL
  8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause
  a denial of service (daemon crash) or have unspecified other impact
  via vectors involving a negative integer in the third argument, as
  demonstrated by a SELECT statement that contains a call to the
  substring function for a bit string, related to an "overflow."
Comment 1 Patrick Lauer gentoo-dev 2010-06-16 18:57:27 UTC
This should be fixed with the stabilizations requested in #320967
Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2010-08-01 12:37:34 UTC
Thanks for the info patrich; adding dependency.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2011-10-25 07:51:13 UTC
This issue was resolved and addressed in
 GLSA 201110-22 at
by GLSA coordinator Alex Legler (a3li).