CVE-2007-4639
published 2007-08-31CVE-2007-4639: EnterpriseDB Advanced Server 8.2 does not properly handle certain debugging function calls that occur before a call to pldbg_create_listener, which allows…
PriorityP431medium6.5CVSS 2.0
AVNACLAuSCPIPAP
EXPLOIT
EPSS
5.13%
91.3th percentile
EnterpriseDB Advanced Server 8.2 does not properly handle certain debugging function calls that occur before a call to pldbg_create_listener, which allows remote authenticated users to cause a denial of service (daemon crash) and possibly execute arbitrary code via a SELECT statement that invokes a pldbg_ function, as demonstrated by (1) pldbg_get_stack and (2) pldbg_abort_target, which triggers use of an uninitialized pointer.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| enterprisedb | postgres_advanced_server | — | — |
CVSS provenance
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
vendor_redhat6.5MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
EnterpriseDB security flaw
vendor_redhat·2007-08-29·CVSS 6.5
CVE-2007-4639 [MEDIUM] EnterpriseDB security flaw
EnterpriseDB security flaw
EnterpriseDB Advanced Server 8.2 does not properly handle certain debugging function calls that occur before a call to pldbg_create_listener, which allows remote authenticated users to cause a denial of service (daemon crash) and possibly execute arbitrary code via a SELECT statement that invokes a pldbg_ function, as demonstrated by (1) pldbg_get_stack and (2) pldbg_abort_target, which triggers use of an uninitialized pointer.
GHSA
GHSA-f4fh-29cp-vmcg: EnterpriseDB Advanced Server 8
ghsa_unreviewed·2022-05-01
CVE-2007-4639 [MEDIUM] CWE-824 GHSA-f4fh-29cp-vmcg: EnterpriseDB Advanced Server 8
EnterpriseDB Advanced Server 8.2 does not properly handle certain debugging function calls that occur before a call to pldbg_create_listener, which allows remote authenticated users to cause a denial of service (daemon crash) and possibly execute arbitrary code via a SELECT statement that invokes a pldbg_ function, as demonstrated by (1) pldbg_get_stack and (2) pldbg_abort_target, which triggers use of an uninitialized pointer.
No detection rules found.
http://secunia.com/advisories/26640http://www.securityfocus.com/archive/1/478057/100/0/threadedhttp://www.securityfocus.com/bid/25481http://www.vupen.com/english/advisories/2007/3040https://exchange.xforce.ibmcloud.com/vulnerabilities/36328http://secunia.com/advisories/26640http://www.securityfocus.com/archive/1/478057/100/0/threadedhttp://www.securityfocus.com/bid/25481http://www.vupen.com/english/advisories/2007/3040https://exchange.xforce.ibmcloud.com/vulnerabilities/36328
2007-08-31
Published