CVE-2014-0066 Information

Share on:

Feb 14, 2021 cve

Description

The chkpass extension in PostgreSQL before 8.4.20 9.0.x before 9.0.16 9.1.x before 9.1.12 9.2.x before 9.2.7 and 9.3.x before 9.3.3 does not properly check the return value of the crypt library function which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors.

Reference

http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://lists.opensuse.org/opensuse-updates/2014-03/msg00018.html http://lists.opensuse.org/opensuse-updates/2014-03/msg00038.html http://rhn.redhat.com/errata/RHSA-2014-0211.html http://rhn.redhat.com/errata/RHSA-2014-0221.html http://rhn.redhat.com/errata/RHSA-2014-0249.html http://rhn.redhat.com/errata/RHSA-2014-0469.html http://support.apple.com/kb/HT6448 http://wiki.postgresql.org/wiki/20140220securityrelease http://www.debian.org/security/2014/dsa-2864 http://www.debian.org/security/2014/dsa-2865 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.postgresql.org/about/news/1506/ http://www.ubuntu.com/usn/USN-2120-1 https://support.apple.com/kb/HT6536