CVE-2007-4769

The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number.

Link	Resource
http://www.postgresql.org/about/news.905
http://www.securityfocus.com/bid/27163	Patch
http://securitytracker.com/id?1019157
http://secunia.com/advisories/28359	Vendor Advisory
http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894
http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894
http://www.mandriva.com/security/advisories?name=MDVSA-2008:004
https://issues.rpath.com/browse/RPL-1768
http://www.debian.org/security/2008/dsa-1460
http://www.debian.org/security/2008/dsa-1463
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html
http://www.redhat.com/support/errata/RHSA-2008-0038.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1
http://secunia.com/advisories/28376	Vendor Advisory
http://secunia.com/advisories/28438	Vendor Advisory
http://secunia.com/advisories/28437	Vendor Advisory
http://secunia.com/advisories/28454	Vendor Advisory
http://secunia.com/advisories/28464	Vendor Advisory
http://secunia.com/advisories/28477
http://secunia.com/advisories/28479	Vendor Advisory
http://secunia.com/advisories/28455	Vendor Advisory
http://security.gentoo.org/glsa/glsa-200801-15.xml
http://secunia.com/advisories/28679	Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html
http://secunia.com/advisories/28698	Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2008-0040.html
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1
http://secunia.com/advisories/29638	Vendor Advisory
http://www.vupen.com/english/advisories/2008/1071/references
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
http://www.vupen.com/english/advisories/2008/0109	Vendor Advisory
http://www.vupen.com/english/advisories/2008/0061	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/39499
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9804
https://usn.ubuntu.com/568-1/
http://www.securityfocus.com/archive/1/486407/100/0/threaded
http://www.securityfocus.com/archive/1/485864/100/0/threaded

Configuration 1

cpe:2.3:a:postgresql:postgresql:7.4.16:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:8.0.7:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:8.0.2:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:8.1.7:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:7.3.3:*:*:*:*:*:*:* cpe:2.3:a:tcl_tk:tcl_tk:*:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:8.2.4:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:7.3:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:8.0.9:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:7.3.9:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:7.3.10:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:8.2.2:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:8.1.3:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:7.4.14:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:7.4.6:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:7.4.11:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:7.3.16:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:8.0.3:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:7.3.15:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:7.4.7:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:7.3.11:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:8.1.9:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:7.4.17:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:7.3.6:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:7.4.9:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:7.3.8:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:7.4.8:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:7.4:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:8.0.13:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:7.3.13:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:8.1.4:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:8.0.1:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:8.1.8:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:7.4.12:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:7.3.12:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:8.1.5:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:7.3.14:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:7.4.10:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:8.2.3:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:7.3.19:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:8.0.4:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:8.0.5:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:8.2:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:8.0.11:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:8.0.317:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:8.0:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:7.4.13:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:7.3.4:*:*:*:*:*:*:*

---

Published : 2008-01-09 09:46

Updated : 2018-10-15 09:37

---

NVD link : CVE-2007-4769

Mitre link : CVE-2007-4769

No products.

CWE-189