CVE-2014-0063
Description
Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via vectors related to an incorrect MAXDATELEN constant and datetime values involving (1) intervals, (2) timestamps, or (3) timezones, a different vulnerability than CVE-2014-0065.
Risk Information
Base Score
10.0
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score
Exploitation Probability
5.777
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in Postgresql 9.3.2 | Windows |
| Multiple vulnerabilities are fixed in PostgreSQL 9.3.3 | Windows |
| Multiple vulnerabilities are fixed in PostgreSQL 9.2.7 | Windows |
| Multiple vulnerabilities are fixed in PostgreSQL 9.1.12 | Windows |
| Multiple vulnerabilities are fixed in PostgreSQL 9.0.16 | Windows |
| Multiple vulnerabilities are fixed in PostgreSQL 8.4.20 | Windows |
| Multiple Vulnerabilities are affected in Postgresql 9.3.2 (For Linux) | Linux |
| Multiple vulnerabilities are fixed in PostgreSQL 9.3.3 (For Linux) | Linux |
| Multiple vulnerabilities are fixed in PostgreSQL 9.2.7 (For Linux) | Linux |
| Multiple vulnerabilities are fixed in PostgreSQL 9.1.12 (For Linux) | Linux |
| Multiple vulnerabilities are fixed in PostgreSQL 9.0.16 (For Linux) | Linux |
| Multiple vulnerabilities are fixed in PostgreSQL 8.4.20 (For Linux) | Linux |
| Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2014-0063) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234