CVE-2007-4769

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2007-4769
The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number.

6.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:N/I:N/A:C

Exploitability : 8.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References
Link Resource
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html
http://secunia.com/advisories/28359 Vendor Advisory
http://secunia.com/advisories/28376 Vendor Advisory
http://secunia.com/advisories/28437 Vendor Advisory
http://secunia.com/advisories/28438 Vendor Advisory
http://secunia.com/advisories/28454 Vendor Advisory
http://secunia.com/advisories/28455 Vendor Advisory
http://secunia.com/advisories/28464 Vendor Advisory
http://secunia.com/advisories/28477
http://secunia.com/advisories/28479 Vendor Advisory
http://secunia.com/advisories/28679 Vendor Advisory
http://secunia.com/advisories/28698 Vendor Advisory
http://secunia.com/advisories/29638 Vendor Advisory
http://security.gentoo.org/glsa/glsa-200801-15.xml
http://securitytracker.com/id?1019157
http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894
http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1
http://www.debian.org/security/2008/dsa-1460
http://www.debian.org/security/2008/dsa-1463
http://www.mandriva.com/security/advisories?name=MDVSA-2008:004
http://www.postgresql.org/about/news.905
http://www.redhat.com/support/errata/RHSA-2008-0038.html
http://www.redhat.com/support/errata/RHSA-2008-0040.html
http://www.securityfocus.com/archive/1/485864/100/0/threaded
http://www.securityfocus.com/archive/1/486407/100/0/threaded
http://www.securityfocus.com/bid/27163 Patch
http://www.vupen.com/english/advisories/2008/0061 Vendor Advisory
http://www.vupen.com/english/advisories/2008/0109 Vendor Advisory
http://www.vupen.com/english/advisories/2008/1071/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/39499
https://issues.rpath.com/browse/RPL-1768
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9804
https://usn.ubuntu.com/568-1/
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html
http://secunia.com/advisories/28359 Vendor Advisory
http://secunia.com/advisories/28376 Vendor Advisory
http://secunia.com/advisories/28437 Vendor Advisory
http://secunia.com/advisories/28438 Vendor Advisory
http://secunia.com/advisories/28454 Vendor Advisory
http://secunia.com/advisories/28455 Vendor Advisory
http://secunia.com/advisories/28464 Vendor Advisory
http://secunia.com/advisories/28477
http://secunia.com/advisories/28479 Vendor Advisory
http://secunia.com/advisories/28679 Vendor Advisory
http://secunia.com/advisories/28698 Vendor Advisory
http://secunia.com/advisories/29638 Vendor Advisory
http://security.gentoo.org/glsa/glsa-200801-15.xml
http://securitytracker.com/id?1019157
http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894
http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1
http://www.debian.org/security/2008/dsa-1460
http://www.debian.org/security/2008/dsa-1463
http://www.mandriva.com/security/advisories?name=MDVSA-2008:004
http://www.postgresql.org/about/news.905
http://www.redhat.com/support/errata/RHSA-2008-0038.html
http://www.redhat.com/support/errata/RHSA-2008-0040.html
http://www.securityfocus.com/archive/1/485864/100/0/threaded
http://www.securityfocus.com/archive/1/486407/100/0/threaded
http://www.securityfocus.com/bid/27163 Patch
http://www.vupen.com/english/advisories/2008/0061 Vendor Advisory
http://www.vupen.com/english/advisories/2008/0109 Vendor Advisory
http://www.vupen.com/english/advisories/2008/1071/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/39499
https://issues.rpath.com/browse/RPL-1768
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9804
https://usn.ubuntu.com/568-1/
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:postgresql:postgresql:7.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.4:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.6:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.8:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.9:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.10:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.11:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.12:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.13:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.14:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.15:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.16:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.19:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.4:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.5:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.6:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.7:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.8:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.9:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.10:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.11:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.12:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.13:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.14:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.16:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.17:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.4:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.5:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.7:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.8:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.9:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.11:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.13:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.317:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.1.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.1.4:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.1.5:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.1.7:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.1.8:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.1.9:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.2.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.2.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.2.4:*:*:*:*:*:*:*
cpe:2.3:a:tcl_tk:tcl_tk:*:*:*:*:*:*:*:*
History

21 Nov 2024, 00:36

Type Values Removed Values Added
References () http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 - () http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 -
References () http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html - () http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html -
References () http://secunia.com/advisories/28359 - Vendor Advisory () http://secunia.com/advisories/28359 - Vendor Advisory
References () http://secunia.com/advisories/28376 - Vendor Advisory () http://secunia.com/advisories/28376 - Vendor Advisory
References () http://secunia.com/advisories/28437 - Vendor Advisory () http://secunia.com/advisories/28437 - Vendor Advisory
References () http://secunia.com/advisories/28438 - Vendor Advisory () http://secunia.com/advisories/28438 - Vendor Advisory
References () http://secunia.com/advisories/28454 - Vendor Advisory () http://secunia.com/advisories/28454 - Vendor Advisory
References () http://secunia.com/advisories/28455 - Vendor Advisory () http://secunia.com/advisories/28455 - Vendor Advisory
References () http://secunia.com/advisories/28464 - Vendor Advisory () http://secunia.com/advisories/28464 - Vendor Advisory
References () http://secunia.com/advisories/28477 - () http://secunia.com/advisories/28477 -
References () http://secunia.com/advisories/28479 - Vendor Advisory () http://secunia.com/advisories/28479 - Vendor Advisory
References () http://secunia.com/advisories/28679 - Vendor Advisory () http://secunia.com/advisories/28679 - Vendor Advisory
References () http://secunia.com/advisories/28698 - Vendor Advisory () http://secunia.com/advisories/28698 - Vendor Advisory
References () http://secunia.com/advisories/29638 - Vendor Advisory () http://secunia.com/advisories/29638 - Vendor Advisory
References () http://security.gentoo.org/glsa/glsa-200801-15.xml - () http://security.gentoo.org/glsa/glsa-200801-15.xml -
References () http://securitytracker.com/id?1019157 - () http://securitytracker.com/id?1019157 -
References () http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894 - () http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894 -
References () http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894 - () http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894 -
References () http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1 - () http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1 -
References () http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1 - () http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1 -
References () http://www.debian.org/security/2008/dsa-1460 - () http://www.debian.org/security/2008/dsa-1460 -
References () http://www.debian.org/security/2008/dsa-1463 - () http://www.debian.org/security/2008/dsa-1463 -
References () http://www.mandriva.com/security/advisories?name=MDVSA-2008:004 - () http://www.mandriva.com/security/advisories?name=MDVSA-2008:004 -
References () http://www.postgresql.org/about/news.905 - () http://www.postgresql.org/about/news.905 -
References () http://www.redhat.com/support/errata/RHSA-2008-0038.html - () http://www.redhat.com/support/errata/RHSA-2008-0038.html -
References () http://www.redhat.com/support/errata/RHSA-2008-0040.html - () http://www.redhat.com/support/errata/RHSA-2008-0040.html -
References () http://www.securityfocus.com/archive/1/485864/100/0/threaded - () http://www.securityfocus.com/archive/1/485864/100/0/threaded -
References () http://www.securityfocus.com/archive/1/486407/100/0/threaded - () http://www.securityfocus.com/archive/1/486407/100/0/threaded -
References () http://www.securityfocus.com/bid/27163 - Patch () http://www.securityfocus.com/bid/27163 - Patch
References () http://www.vupen.com/english/advisories/2008/0061 - Vendor Advisory () http://www.vupen.com/english/advisories/2008/0061 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2008/0109 - Vendor Advisory () http://www.vupen.com/english/advisories/2008/0109 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2008/1071/references - () http://www.vupen.com/english/advisories/2008/1071/references -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/39499 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/39499 -
References () https://issues.rpath.com/browse/RPL-1768 - () https://issues.rpath.com/browse/RPL-1768 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9804 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9804 -
References () https://usn.ubuntu.com/568-1/ - () https://usn.ubuntu.com/568-1/ -
References () https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html - () https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html -
References () https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html - () https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html -
Information

Published : 2008-01-09 21:46

Updated : 2025-04-09 00:30

NVD link : CVE-2007-4769

Mitre link : CVE-2007-4769

CVE.ORG link : CVE-2007-4769

JSON object : View

Products Affected

tcl_tk

  • tcl_tk

postgresql

  • postgresql
CWE
CWE-189

Numeric Errors