Vulnerability Details : CVE-2014-0063
Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via vectors related to an incorrect MAXDATELEN constant and datetime values involving (1) intervals, (2) timestamps, or (3) timezones, a different vulnerability than CVE-2014-0065.
Vulnerability category: OverflowExecute codeDenial of service
Threat overview for CVE-2014-0063
Top countries where our scanners detected CVE-2014-0063
Top open port discovered on systems with this issue
5432
IPs affected by CVE-2014-0063 93,685
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2014-0063!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2014-0063
Probability of exploitation activity in the next 30 days: 92.75%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-0063
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
8.0
|
6.4
|
NIST |
CWE ids for CVE-2014-0063
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-0063
-
http://rhn.redhat.com/errata/RHSA-2014-0211.html
RHSA-2014:0211 - Security Advisory - Red Hat Customer Portal
-
http://www.postgresql.org/support/security/
PostgreSQL: Security Information
-
http://wiki.postgresql.org/wiki/20140220securityrelease
20140220securityrelease - PostgreSQL wikiVendor Advisory
-
http://www.debian.org/security/2014/dsa-2864
Debian -- Security Information -- DSA-2864-1 postgresql-8.4
-
http://secunia.com/advisories/61307
Sign in
-
http://support.apple.com/kb/HT6448
About the security content of OS X Server v3.2.1 - Apple Support
- http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html
-
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
Juniper Networks - 2015-10 Security Bulletin: CTPView: Multiple Vulnerabilities in CTPView
-
http://www.ubuntu.com/usn/USN-2120-1
USN-2120-1: PostgreSQL vulnerabilities | Ubuntu security notices
-
http://rhn.redhat.com/errata/RHSA-2014-0249.html
RHSA-2014:0249 - Security Advisory - Red Hat Customer Portal
-
http://lists.opensuse.org/opensuse-updates/2014-03/msg00018.html
openSUSE-SU-2014:0345-1: moderate: postgresql92: update to 9.2.7 securit
-
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Oracle Critical Patch Update - October 2017
-
http://www.postgresql.org/about/news/1506/
PostgreSQL: PostgreSQL 9.3.3, 9.2.7, 9.1.12, 9.0.16 and 8.4.20 released!Vendor Advisory
-
https://support.apple.com/kb/HT6536
About the security content of OS X Server v4.0 - Apple Support
-
http://www.debian.org/security/2014/dsa-2865
Debian -- Security Information -- DSA-2865-1 postgresql-9.1
-
https://github.com/postgres/postgres/commit/4318daecc959886d001a6e79c6ea853e8b1dfb4b
Fix handling of wide datetime input/output. · postgres/postgres@4318dae · GitHub
-
http://www.securityfocus.com/bid/65719
PostgreSQL CVE-2014-0063 Remote Stack Buffer Overflow Vulnerability
-
http://rhn.redhat.com/errata/RHSA-2014-0469.html
RHSA-2014:0469 - Security Advisory - Red Hat Customer Portal
-
https://bugzilla.redhat.com/show_bug.cgi?id=1065226
1065226 – (CVE-2014-0063) CVE-2014-0063 postgresql: stack-based buffer overflow in datetime input/output
-
http://rhn.redhat.com/errata/RHSA-2014-0221.html
RHSA-2014:0221 - Security Advisory - Red Hat Customer Portal
-
http://lists.opensuse.org/opensuse-updates/2014-03/msg00038.html
openSUSE-SU-2014:0368-1: moderate: postgresql: updates to 9.0.16 securit
Products affected by CVE-2014-0063
- cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.11:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.12:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.14:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.15:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.13:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.16:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.1.11:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.18:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.17:*:*:*:*:*:*:*