Denial of Service Vulnerability in PostgreSQL by TCL Regular Expression Parser
CVE-2007-4769

Currently unrated

Key Information:

Vendor: Postgresql
Status: Postgresql; Tcl Tk
Vendor: CVE Published:; 9 January 2008

What is CVE-2007-4769?

The regular expression parser in the TCL language, utilized by various versions of PostgreSQL, has a flaw that permits remote authenticated users to exploit an out-of-bounds backreference number. This misconfiguration can lead to a denial of service by crashing the backend, jeopardizing the availability of the database service. It's crucial for users of affected PostgreSQL versions to apply patches or updates to mitigate the risk associated with this vulnerability.

References

http://www.mandriva.com/security/advisories?name=MDVSA-20...

vendor-advisoryx_refsource_MANDRIVA

http://www.debian.org/security/2008/dsa-1460

vendor-advisoryx_refsource_DEBIAN

http://www.securityfocus.com/bid/27163

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 9, 2008
Vulnerability Reserved
Sep 10, 2007

Postgresql

What is CVE-2007-4769?

References

Timeline