Vulnerability Details : CVE-2005-0247
Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier may allow attackers to execute arbitrary code via (1) a large number of variables in a SQL statement being handled by the read_sql_construct function, (2) a large number of INTO variables in a SELECT statement being handled by the make_select_stmt function, (3) a large number of arbitrary variables in a SELECT statement being handled by the make_select_stmt function, and (4) a large number of INTO variables in a FETCH statement being handled by the make_fetch_stmt function, a different set of vulnerabilities than CVE-2005-0245.
Vulnerability category: OverflowExecute code
Products affected by CVE-2005-0247
- cpe:2.3:a:postgresql:postgresql:7.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3.9:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.1:*:*:*:*:*:*:*
Threat overview for CVE-2005-0247
Top countries where our scanners detected CVE-2005-0247
Top open port discovered on systems with this issue
5432
IPs affected by CVE-2005-0247 1,130
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2005-0247!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2005-0247
69.40%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2005-0247
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
8.0
|
6.4
|
NIST |
CWE ids for CVE-2005-0247
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2005-0247
-
http://www.debian.org/security/2005/dsa-683
-
http://archives.postgresql.org/pgsql-committers/2005-02/msg00049.php
Patch
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/19375
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/19376
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9345
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/19378
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/19377
-
http://www.novell.com/linux/security/advisories/2005_36_sudo.html
404 Page Not Found | SUSE
-
http://www.gentoo.org/security/en/glsa/glsa-200502-19.xml
Patch;Vendor Advisory
-
http://marc.info/?l=bugtraq&m=110806034116082&w=2
'[USN-79-1] PostgreSQL vulnerabilities' - MARC
-
http://www.redhat.com/support/errata/RHSA-2005-138.html
SupportPatch;Vendor Advisory
-
http://www.redhat.com/support/errata/RHSA-2005-150.html
SupportPatch;Vendor Advisory
-
http://www.mandriva.com/security/advisories?name=MDKSA-2005:040
Page not found - Mandriva.com
-
http://www.securityfocus.com/bid/12417
-
http://www.novell.com/linux/security/advisories/2005_27_postgresql.html
Patch;Vendor Advisory
Jump to