CVE-2005-0247
Description
Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier may allow attackers to execute arbitrary code via (1) a large number of variables in a SQL statement being handled by the read_sql_construct function, (2) a large number of INTO variables in a SELECT statement being handled by the make_select_stmt function, (3) a large number of arbitrary variables in a SELECT statement being handled by the make_select_stmt function, and (4) a large number of INTO variables in a FETCH statement being handled by the make_fetch_stmt function, a different set of vulnerabilities than CVE-2005-0245.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
1.95
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerability CVE-2005-0247 are affected in Postgresql 8.0.1 | Windows |
| Vulnerabilities CVE-2005-1410,CVE-2005-1409,CVE-2005-0247 are fixed in PostgreSQL 7.4.8 | Windows |
| Vulnerabilities CVE-2005-0247 are fixed in PostgreSQL 8.0.2 | Windows |
| Vulnerability CVE-2005-0247 are affected in Postgresql 8.0.1 (For Linux) | Linux |
| Vulnerabilities CVE-2005-1410,CVE-2005-1409,CVE-2005-0247 are fixed in PostgreSQL 7.4.8 (For Linux) | Linux |
| Vulnerabilities CVE-2005-0247 are fixed in PostgreSQL 8.0.2 (For Linux) | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234