Vigil@nce team describes computer vulnerabilities impacting your systems, and offers solutions to correct them.
vulnerability CVE-2010-0733
PostgreSQL: denial of service via JOIN
Synthesis of the vulnerability
An authenticated attacker can create a query containing numerous JOINs, in order to stop PostgreSQL.
Severity: 1/4.
Creation date: 10/03/2010.
Description of the vulnerability
The JOIN directive of the SQL language is used to create a join between two tables.
When a join is performed on an indexed field of a table, the ExecChooseHashTableSize() function in the src/backend/executor/nodeHash.c file estimates the required memory size via a multiplication. However, this multiplication can overflow, which corrupts memory.
An authenticated attacker can therefore create a query containing numerous JOINs, in order to stop PostgreSQL.
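The class of defect described above, as an added illustration that is not PostgreSQL source code: a size estimate computed by an unchecked multiplication wraps around, while a version that divides the memory budget first cannot overflow. The function names, the 8-byte pointer size and the sample values are assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define BUCKET_PTR_SIZE 8u   /* assumed size of one bucket pointer */

/* Unchecked estimate: the product is computed in 32 bits and silently wraps.
 * Unsigned arithmetic is used so the wrap is well defined in this demo. */
uint32_t bucket_bytes_unchecked(uint32_t nbuckets)
{
    return nbuckets * BUCKET_PTR_SIZE;
}

/* Checked estimate: reject any count whose byte size exceeds the budget.
 * Dividing the budget first means no multiplication can overflow. */
int bucket_bytes_checked(uint32_t nbuckets, size_t budget_bytes, size_t *out)
{
    if (nbuckets == 0 || nbuckets > budget_bytes / BUCKET_PTR_SIZE)
        return -1;
    *out = (size_t)nbuckets * BUCKET_PTR_SIZE;
    return 0;
}

/* Clamp a planner-style row estimate to the largest count the budget allows. */
uint32_t clamp_buckets(double est_rows, size_t budget_bytes)
{
    size_t max_buckets = budget_bytes / BUCKET_PTR_SIZE;
    if (max_buckets > UINT32_MAX)
        max_buckets = UINT32_MAX;
    if (!(est_rows >= 1.0))              /* also catches NaN */
        return 1;
    if (est_rows >= (double)max_buckets)
        return (uint32_t)max_buckets;
    return (uint32_t)est_rows;
}

int main(void)
{
    uint32_t n = 0x20000001u;            /* constructed: n * 8 exceeds 2^32 */
    size_t bytes = 0;
    printf("unchecked: %u buckets -> %u bytes\n", n, bucket_bytes_unchecked(n));
    printf("checked:   %s\n",
           bucket_bytes_checked(n, 64u << 20, &bytes) ? "rejected" : "ok");
    printf("clamped:   %u buckets\n", clamp_buckets(1e12, 64u << 20));
    return 0;
}
```

An allocation sized by the wrapped value is far smaller than the number of entries later written into it, which is how an arithmetic overflow becomes memory corruption.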
Complete Vigil@nce bulletin
Characteristics
Title: PostgreSQL: denial of service via JOIN.
Keywords: ExecChooseHashTableSize JOIN JOINs PostgreSQL SQL denial nodeHash service.
Identifiers: 30 Oct 2009 15:03:50, 5145, 546621, BID-38619, CVE-2010-0733, RHSA-2010:0427-01, RHSA-2010:0428-01, RHSA-2010:0429-01, VIGILANCE-VUL-9510.
Computer vulnerabilities tracking service
The Vigil@nce computer vulnerability tracking service alerts your teams to vulnerabilities or threats impacting your information system.
The Vigil@nce vulnerability database contains several thousand vulnerabilities.
This bulletin is published by the Vigil@nce team, which tracks computer vulnerabilities impacting systems and applications.