Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2014-0063

Disclosure Date: March 31, 2014
CVE-2014-0063
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via vectors related to an incorrect MAXDATELEN constant and datetime values involving (1) intervals, (2) timestamps, or (3) timezones, a different vulnerability than CVE-2014-0065.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

References

Canonical
CVE-2014-0063 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0063)
BID-65719 (http://www.securityfocus.com/bid/65719)
Advisory
http://rhn.redhat.com/errata/RHSA-2014-0211.html
http://rhn.redhat.com/errata/RHSA-2014-0221.html
https://github.com/postgres/postgres/commit/4318daecc959886d001a6e79c6ea853e8b1dfb4b
http://support.apple.com/kb/HT6448
https://bugzilla.redhat.com/show_bug.cgi?id=1065226
http://rhn.redhat.com/errata/RHSA-2014-0469.html
APPLE-SA-2014-10-16-3 (http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html)
http://wiki.postgresql.org/wiki/20140220securityrelease
DSA-2864 (http://www.debian.org/security/2014/dsa-2864)
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.postgresql.org/support/security
http://rhn.redhat.com/errata/RHSA-2014-0249.html
http://www.postgresql.org/about/news/1506
USN-2120-1 (http://www.ubuntu.com/usn/USN-2120-1)
https://support.apple.com/kb/HT6536
DSA-2865 (http://www.debian.org/security/2014/dsa-2865)
http://lists.opensuse.org/opensuse-updates/2014-03/msg00018.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://lists.opensuse.org/opensuse-updates/2014-03/msg00038.html
SECUNIA-61307 (http://secunia.com/advisories/61307)
Miscellaneous
http://www.postgresql.org/about/news/1506/
https://access.redhat.com/errata/RHSA-2014:0211
https://access.redhat.com/errata/RHSA-2014:0221
https://access.redhat.com/errata/RHSA-2014:0249
https://access.redhat.com/errata/RHSA-2014:0469
http://www.postgresql.org/support/security/
https://access.redhat.com/security/cve/CVE-2014-0063

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis