CVE-2005-0247

Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier may allow attackers to execute arbitrary code via (1) a large number of variables in a SQL statement being handled by the read_sql_construct function, (2) a large number of INTO variables in a SELECT statement being handled by the make_select_stmt function, (3) a large number of arbitrary variables in a SELECT statement being handled by the make_select_stmt function, and (4) a large number of INTO variables in a FETCH statement being handled by the make_fetch_stmt function, a different set of vulnerabilities than CVE-2005-0245.

Published: May 2, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-0247
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
postgresql / postgresql	7.2.7	7.2.7.x
postgresql / postgresql	7.3.3	7.3.3.x
postgresql / postgresql	7.2	7.2.x
postgresql / postgresql	7.3	7.3.x
postgresql / postgresql	7.4.1	7.4.1.x
postgresql / postgresql	7.3.9	7.3.9.x
postgresql / postgresql	7.2.3	7.2.3.x
postgresql / postgresql	8.0.0	8.0.0.x
postgresql / postgresql	7.2.6	7.2.6.x
postgresql / postgresql	7.4.6	7.4.6.x
postgresql / postgresql	7.4.7	7.4.7.x
postgresql / postgresql	7.4.3	7.4.3.x
postgresql / postgresql	7.3.6	7.3.6.x
postgresql / postgresql	7.2.5	7.2.5.x
postgresql / postgresql	7.4.5	7.4.5.x
postgresql / postgresql	7.3.8	7.3.8.x
postgresql / postgresql	7.4	7.4.x
postgresql / postgresql	7.4.4	7.4.4.x
postgresql / postgresql	8.0.1	8.0.1.x
postgresql / postgresql	7.2.2	7.2.2.x
postgresql / postgresql	7.3.2	7.3.2.x
postgresql / postgresql	7.3.5	7.3.5.x
postgresql / postgresql	7.2.4	7.2.4.x
postgresql / postgresql	7.3.1	7.3.1.x
postgresql / postgresql	7.3.7	7.3.7.x
postgresql / postgresql	7.2.1	7.2.1.x
postgresql / postgresql	7.4.2	7.4.2.x
postgresql / postgresql	7.3.4	7.3.4.x

Vulnerability Database

289,599

CVE-2005-0247