Buffer overflow in the gettoken function in contrib...
Moderate severity Unreviewed Published May 17, 2022 to the GitHub Advisory Database • Updated Apr 11, 2025
Description
Buffer overflow in the gettoken function in contrib/intarray/_int_bool.c in the intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.20 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via integers with a large number of digits to unspecified functions.
References
- https://nvd.nist.gov/vuln/detail/CVE-2010-4015
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65060
- http://git.postgresql.org/gitweb?p=postgresql.git;a=commitdiff;h=7ccb6dc2d3e266a551827bb99179708580f72431
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053817.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053888.html
- http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
- http://marc.info/?l=bugtraq&m=134124585221119&w=2
- http://osvdb.org/70740
- http://secunia.com/advisories/43144
- http://secunia.com/advisories/43154
- http://secunia.com/advisories/43155
- http://secunia.com/advisories/43187
- http://secunia.com/advisories/43188
- http://secunia.com/advisories/43240
- http://www.debian.org/security/2011/dsa-2157
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:021
- http://www.postgresql.org/about/news.1289
- http://www.postgresql.org/support/security
- http://www.redhat.com/support/errata/RHSA-2011-0197.html
- http://www.redhat.com/support/errata/RHSA-2011-0198.html
- http://www.securityfocus.com/bid/46084
- http://www.ubuntu.com/usn/USN-1058-1
- http://www.vupen.com/english/advisories/2011/0262
- http://www.vupen.com/english/advisories/2011/0278
- http://www.vupen.com/english/advisories/2011/0283
- http://www.vupen.com/english/advisories/2011/0287
- http://www.vupen.com/english/advisories/2011/0299
- http://www.vupen.com/english/advisories/2011/0303
- http://www.vupen.com/english/advisories/2011/0349
Published by the National Vulnerability Database Feb 2, 2011
Published to the GitHub Advisory Database May 17, 2022
Last updated Apr 11, 2025
Severity
Moderate
EPSS score
(88th percentile)
Weaknesses
No CWEs
CVE ID
CVE-2010-4015
GHSA ID
GHSA-pp9j-974q-cm92
Source code
No known source code
Dependabot alerts are not supported on this advisory because it does not have a package from a supported ecosystem with an affected and fixed version.