Rapid7 Vulnerability & Exploit Database

PostgreSQL 'tsearch2' Module Denial of Service Vulnerability

Back to Search

PostgreSQL 'tsearch2' Module Denial of Service Vulnerability

Severity
2
CVSS
(AV:L/AC:L/Au:N/C:N/I:N/A:P)
Published
05/04/2005
Created
07/25/2018
Added
11/26/2007
Modified
02/24/2013

Description

The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) dex_init, (2) snb_en_init, (3) snb_ru_init, (4) spell_init, and (5) syn_init functions as "internal" even when they do not take an internal argument, which allows attackers to cause a denial of service (application crash) and possibly have other impacts via SQL commands that call other functions that accept internal arguments.

Solution(s)

  • postgres-upgrade-7_4_8
  • postgres-upgrade-8_0_3

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;