CVE-2007-0556
Description
The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a previously made query plan, which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content via an ALTER COLUMN TYPE SQL statement, which can be leveraged to read arbitrary memory from the server.
Risk Information
Base Score
8.1
MODERATE
Vector
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
EPSS Score
Exploitation Probability
1.495
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerability CVE-2007-0556,CVE-2007-2138 are affected in Postgresql 8.2.1 | Windows |
| Vulnerabilities CVE-2007-0556,CVE-2007-0555 are fixed in PostgreSQL 8.2.2 | Windows |
| Vulnerabilities CVE-2007-0556,CVE-2007-0555 are fixed in PostgreSQL 8.1.7 | Windows |
| Vulnerabilities CVE-2007-0556,CVE-2007-0555 are fixed in PostgreSQL 8.0.11 | Windows |
| Vulnerability CVE-2007-0556,CVE-2007-2138 are affected in Postgresql 8.2.1 (For Linux) | Linux |
| Vulnerabilities CVE-2007-0556,CVE-2007-0555 are fixed in PostgreSQL 8.2.2 (For Linux) | Linux |
| Vulnerabilities CVE-2007-0556,CVE-2007-0555 are fixed in PostgreSQL 8.1.7 (For Linux) | Linux |
| Vulnerabilities CVE-2007-0556,CVE-2007-0555 are fixed in PostgreSQL 8.0.11 (For Linux) | Linux |
| Postgresql-server update (ELSA-2024-10882) postgresql-server-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-pltcl update (ELSA-2024-10882) postgresql-pltcl-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-plpython update (ELSA-2024-10882) postgresql-plpython-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-plperl update (ELSA-2024-10882) postgresql-plperl-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-libs update (ELSA-2024-10882) postgresql-libs-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-libs update (ELSA-2024-10882) postgresql-libs-9.2.24-9.0.3.el7_9.i686.rpm | Linux |
| Postgresql-docs update (ELSA-2024-10882) postgresql-docs-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-devel update (ELSA-2024-10882) postgresql-devel-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-devel update (ELSA-2024-10882) postgresql-devel-9.2.24-9.0.3.el7_9.i686.rpm | Linux |
| Postgresql-contrib update (ELSA-2024-10882) postgresql-contrib-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql update (ELSA-2024-10882) postgresql-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql update (ELSA-2024-10882) postgresql-9.2.24-9.0.3.el7_9.i686.rpm | Linux |
| Postgresql-test update (ELSA-2024-10882) postgresql-test-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| CVE-2007-0556 | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234