You are viewing this page in an unauthorized frame window.
This is a potential security issue, you are being redirected to
https://nvd.nist.gov
You have JavaScript disabled. This site requires JavaScript to be enabled for complete site functionality.
U.S. flag
An official website of the United States government
Dot gov
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Https
Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
This CVE record is not being prioritized for NVD enrichment efforts due to resource or other concerns.
Current Description
PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified encoding, as demonstrated using mismatched encoding conversion requests.
PostgreSQL 8.3.6 allows remote authenticated users to cause a denial of service (stack consumption) via mismatched encoding conversion requests.
Evaluator Description
Per: https://bugzilla.redhat.com/show_bug.cgi?id=488156
"PostgreSQL allows remote authenticated users to cause a momentary denial
of service (crash due to stack consumption) when there is a failure to
convert a localized error message to the client-specified encoding.
In releases 8.3.6, 8.2.12, 8.1.16. 8.0.20, and 7.4.24, a trivial
misconfiguration is sufficient to provoke a crash. In older releases
it is necessary to select a locale and client encoding for which
specific messages fail to translate, and so a given installation may or
may not be vulnerable depending on the administrator-determined locale
setting.
Releases 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 are secure against
all known variants of this issue."
Metrics
NVD enrichment efforts reference publicly available information to associate
vector strings. CVSS information contributed by other sources is also
displayed.
This issue has been addressed in Red Hat
Enterprise Linux 4 and 5 via:
https://rhn.redhat.com/errata/RHSA-2009-1484.html
and in Red Hat Application Stack v2 via:
https://rhn.redhat.com/errata/RHSA-2009-1067.html
References to Advisories, Solutions, and Tools
By selecting these links, you will be leaving NIST webspace.
We have provided these links to other web sites because they
may have information that would be of interest to you. No
inferences should be drawn on account of other sites being
referenced, or not, from this page. There may be other web
sites that are more appropriate for your purpose. NIST does
not necessarily endorse the views expressed, or concur with
the facts presented on these sites. Further, NIST does not
endorse any commercial products that may be mentioned on
these sites. Please address comments about this page to [email protected].
PostgreSQL en versiones anteriores a 8.3.7, 8.2.13, 8.1.17, 8.0.21 y 7.4.25 permite a usuarios remotos autenticados provocar una denegación de servicio (consumo de pila y caída) desencadenando un fallo en la conversión de un mensaje de error localizado en el cifrado para un cliente especificado, como se demuestra usando peticiones de conversión de codificación no coincidentes.
Removed
Translation
PostgreSQL v8.3.6 permite a usuarios autenticados remotamente provocar una denegación de servicio (agotamiento de pila) a través de peticiones de conversión codificadas incorrectas.
CVE Modified by MITRE8/22/2016 9:59:41 PM
Action
Type
Old Value
New Value
Added
Reference
http://marc.info/?l=bugtraq&m=134124585221119&w=2
Initial CVE Analysis3/17/2009 1:35:00 PM
Action
Type
Old Value
New Value
Quick Info
CVE Dictionary Entry: CVE-2009-0922 NVD
Published Date: 03/17/2009 NVD
Last Modified: 04/08/2025
Source: MITRE