Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2007-0556

Disclosure Date: February 06, 2007
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a “previously made query plan,” which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content via an “ALTER COLUMN TYPE” SQL statement, which can be leveraged to read arbitrary memory from the server.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

General Information

References

Advisory

Additional Info

Technical Analysis