EnterpriseDB Advanced Server 8.2 does not properly handle certain debugging function calls that occur before a call to…
mitre·CWE-824·Published 2007-08-31
EnterpriseDB Advanced Server 8.2 does not properly handle certain debugging function calls that occur before a call to pldbg_create_listener, which allows remote authenticated users to cause a denial of service (daemon crash) and possibly execute arbitrary code via a SELECT statement that invokes a pldbg_ function, as demonstrated by (1) pldbg_get_stack and (2) pldbg_abort_target, which triggers use of an uninitialized pointer.
| CVSS version | Type | Source | Base score | Exploitability | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 6.5 | 8.0 | 6.4 | AV:N/AC:L/Au:S/C:P/I:P/A:P |