Vulnerability Details : CVE-2007-0556
The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content via an "ALTER COLUMN TYPE" SQL statement, which can be leveraged to read arbitrary memory from the server.
Vulnerability category: Denial of service
Products affected by CVE-2007-0556
- cpe:2.3:a:postgresql:postgresql:6.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:6.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3.9:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3.11:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3.12:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3.13:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3.10:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.11:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3.14:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.12:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.13:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3.15:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.14:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:1.02:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:1.09:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:6.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3.16:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3.17:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:1.01:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:6.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:6.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:6.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:6.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:6.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3.18:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.15:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.16:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:6.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:6.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:6.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:6.5:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:6.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.2.1:*:*:*:*:*:*:*
Threat overview for CVE-2007-0556
[Chart: top countries where our scanners detected CVE-2007-0556]
- Top open port discovered on systems with this issue: 5432
- IPs affected by CVE-2007-0556: 8,692
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2007-0556
- EPSS score: 0.69% (probability of exploitation activity in the next 30 days)
- Percentile: ~80% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2007-0556
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.6 | MEDIUM | AV:N/AC:H/Au:S/C:C/I:N/A:C | 3.9 | 9.2 | NIST | |
References for CVE-2007-0556
- http://www.redhat.com/support/errata/RHSA-2007-0067.html (Support)
- https://usn.ubuntu.com/417-1/
- http://www.securityfocus.com/bid/22387
- http://lists.rpath.com/pipermail/security-announce/2007-February/000141.html
- http://fedoranews.org/cms/node/2554
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102825-1
- http://www.vupen.com/english/advisories/2007/0774
- https://issues.rpath.com/browse/RPL-830
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11353
- http://security.gentoo.org/glsa/glsa-200703-15.xml
- https://issues.rpath.com/browse/RPL-1025
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:037
- http://support.avaya.com/elmodocs2/security/ASA-2007-117.htm (ASA-2007-117 (RHSA-2007-0067))
- http://www.redhat.com/support/errata/RHSA-2007-0068.html (Support)
- http://www.vupen.com/english/advisories/2007/0478
- http://www.novell.com/linux/security/advisories/2007_10_sr.html (Security - Support | SUSE)
- http://www.securityfocus.com/archive/1/459448/100/0/threaded
- http://www.securityfocus.com/archive/1/459280/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32191
- http://securitytracker.com/id?1017597
- http://www.postgresql.org/support/security (PostgreSQL: Security Information)
- http://www.ubuntu.com/usn/usn-417-2
- http://www.trustix.org/errata/2007/0007 (Trustix | Empowering Trust and Security in the Digital Age)