CVE-2014-0063

Public on 2014-03-13
Modified on 2014-09-17
Description
Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via vectors related to an incorrect MAXDATELEN constant and datetime values involving (1) intervals, (2) timestamps, or (3) timezones, a different vulnerability than CVE-2014-0065.
Severity
Important severity
Important
CVSS v3 Base Score
6.5
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 1 postgresql8 2014-03-13 ALAS-2014-305 Fixed
Amazon Linux 1 postgresql9 2014-03-13 ALAS-2014-306 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv2 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P
NVD CVSSv2 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P