CVE-2007-4769

Name: CVE-2007-4769

Description: The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number.

Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

References: DSA-1460-1, DSA-1463-1

The information below is based on the following data on fixed versions.

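| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| postgresql | source | sarge | (unfixed) | | | |
| postgresql-7.4 | source | etch | 7.4.19-0etch1 | | DSA-1463-1 | |
| postgresql-8.1 | source | etch | 8.1.11-0etch1 | | DSA-1460-1 | |
| postgresql-8.1 | source | (unstable) | 8.1.11-1 | | | |
| postgresql-8.2 | source | (unstable) | 8.2.6-1 | | | |
| tcl8.3 | source | (unstable) | (not affected) | | | |
| tcl8.4 | source | (unstable) | (not affected) | | | |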

Notes

- tcl8.3 <not-affected> (only builds with the UCS-4 internal character encoding are affected; Debian builds use UCS-2, according to the maintainer)
- tcl8.4 <not-affected> (only builds with the UCS-4 internal character encoding are affected; Debian builds use UCS-2, according to the maintainer)
