J-Security Center

Title: PostgreSQL JOIN Hashtable Size Integer Overflow Denial Of Service Vulnerability

Severity: MODERATE

Description:

PostgreSQL is an open-source relational database suite. It is available for UNIX, Linux, and their variants; Apple Mac OS X; and Microsoft Windows.

PostgreSQL is prone to a remote denial-of-service vulnerability because it fails to properly validate user-supplied data before using it in memory-allocation calculations. Specifically, the 'ExecChooseHashTableSize()' function of the 'backend/executor/nodeHash.c' source file computes the hashtable size for JOIN operations without guarding against integer overflow, so a sufficiently large input can produce an incorrect size.

An attacker can exploit this issue to cause the affected application to crash. Due to the nature of this issue, remote code execution may be possible; this has not been confirmed.
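The defect class described above, integer overflow in a size calculation that feeds an allocator, is illustrated by the following added example. It is not PostgreSQL's code and does not reproduce 'ExecChooseHashTableSize()'; the 'bucket_entry_t' record, the functions, the 1 MiB budget and the sample bucket counts are all constructed for this example. It contrasts a 32-bit byte-count computation that silently wraps with a hardened version that clamps the estimate to an allocation budget and checks the multiplication before calling the allocator:

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical hash-bucket entry (constructed for this example, not PostgreSQL's
 * own structure): a fixed 16-byte record so the arithmetic below is deterministic. */
typedef struct {
    uint64_t hashvalue;
    uint64_t next_offset;
} bucket_entry_t;

/* The defect class: the byte count is computed in a 32-bit integer, so a large
 * bucket estimate silently wraps to a small (or negative) value. The product is
 * done in unsigned arithmetic only so that the wrap is well-defined C; the result
 * is then viewed as the signed int an unchecked size calculation would hand to
 * the allocator. */
int32_t unchecked_bucket_bytes(int32_t nbuckets)
{
    uint32_t bytes = (uint32_t)nbuckets * (uint32_t)sizeof(bucket_entry_t);
    return (int32_t)bytes;
}

/* Hardened step 1: clamp a planner-style bucket estimate to what the allocation
 * budget can hold. The estimate is carried as a double so that a huge input
 * cannot wrap before it is compared against the limits. */
long clamp_buckets(double estimated_buckets, size_t max_bytes)
{
    double max_buckets = (double)(max_bytes / sizeof(bucket_entry_t));

    if (max_buckets > (double)INT_MAX)
        max_buckets = (double)INT_MAX;
    if (estimated_buckets < 1.0)
        return 1;
    if (estimated_buckets > max_buckets)
        return (long)max_buckets;
    return (long)estimated_buckets;
}

/* Hardened step 2: turn a bucket count into a byte count with an explicit
 * overflow check instead of trusting the multiplication. Returns false when the
 * count is out of range, the product would not fit in size_t, or it exceeds
 * the budget. */
bool checked_bucket_bytes(long nbuckets, size_t max_bytes, size_t *out_bytes)
{
    if (nbuckets <= 0 || nbuckets > INT_MAX)
        return false;
    size_t n = (size_t)nbuckets;
    if (n > SIZE_MAX / sizeof(bucket_entry_t))
        return false;               /* n * sizeof would wrap */
    size_t bytes = n * sizeof(bucket_entry_t);
    if (bytes > max_bytes)
        return false;               /* exceeds the allocation budget */
    *out_bytes = bytes;
    return true;
}

/* Allocate the bucket array only after both checks pass; NULL otherwise. A caller
 * should report an error on NULL rather than continue with a short buffer. */
bucket_entry_t *alloc_buckets(double estimated_buckets, size_t max_bytes)
{
    long nbuckets = clamp_buckets(estimated_buckets, max_bytes);
    size_t bytes;
    if (!checked_bucket_bytes(nbuckets, max_bytes, &bytes))
        return NULL;
    return (bucket_entry_t *)calloc(1, bytes);
}

int main(void)
{
    /* 2^28 buckets * 16 bytes = 2^32, which wraps to 0 in 32-bit arithmetic. */
    printf("unchecked: %d bytes for %d buckets\n",
           unchecked_bucket_bytes(1 << 28), 1 << 28);
    /* 2^27 buckets * 16 bytes = 2^31, which reads as a negative int32. */
    printf("unchecked: %d bytes for %d buckets\n",
           unchecked_bucket_bytes(1 << 27), 1 << 27);

    size_t budget = (size_t)1 << 20;  /* 1 MiB budget, constructed for the example */
    bucket_entry_t *b = alloc_buckets(1e9, budget);
    printf("checked: estimate of 1e9 buckets clamped to %ld, allocation %s\n",
           clamp_buckets(1e9, budget), b ? "ok" : "refused");
    free(b);
    return 0;
}
```

The two hardened steps are deliberately separate: clamping keeps an oversized estimate from ever reaching integer arithmetic, and the checked multiplication catches any remaining case where the count times the entry size would not fit in the allocator's size type or the budget. A review of a size calculation should confirm both that the estimate is bounded before conversion and that the final product is checked, not just one of them.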

Affected Products:

  • Gentoo Linux
  • PostgreSQL PostgreSQL 7.4.0
  • PostgreSQL PostgreSQL 7.4.1
  • PostgreSQL PostgreSQL 7.4.10
  • PostgreSQL PostgreSQL 7.4.11
  • PostgreSQL PostgreSQL 7.4.12
  • PostgreSQL PostgreSQL 7.4.13
  • PostgreSQL PostgreSQL 7.4.14
  • PostgreSQL PostgreSQL 7.4.16
  • PostgreSQL PostgreSQL 7.4.17
  • PostgreSQL PostgreSQL 7.4.19
  • PostgreSQL PostgreSQL 7.4.2
  • PostgreSQL PostgreSQL 7.4.26
  • PostgreSQL PostgreSQL 7.4.27
  • PostgreSQL PostgreSQL 7.4.3
  • PostgreSQL PostgreSQL 7.4.4
  • PostgreSQL PostgreSQL 7.4.5
  • PostgreSQL PostgreSQL 7.4.6
  • PostgreSQL PostgreSQL 7.4.7
  • PostgreSQL PostgreSQL 7.4.8
  • PostgreSQL PostgreSQL 7.4.9
  • PostgreSQL PostgreSQL 8.0.0
  • PostgreSQL PostgreSQL 8.0.1
  • PostgreSQL PostgreSQL 8.0.11
  • PostgreSQL PostgreSQL 8.0.13
  • PostgreSQL PostgreSQL 8.0.15
  • PostgreSQL PostgreSQL 8.0.2
  • PostgreSQL PostgreSQL 8.0.22
  • PostgreSQL PostgreSQL 8.0.23
  • PostgreSQL PostgreSQL 8.0.3
  • PostgreSQL PostgreSQL 8.0.317
  • PostgreSQL PostgreSQL 8.0.4
  • PostgreSQL PostgreSQL 8.0.5
  • PostgreSQL PostgreSQL 8.0.6
  • PostgreSQL PostgreSQL 8.0.7
  • PostgreSQL PostgreSQL 8.0.8
  • PostgreSQL PostgreSQL 8.0.9
  • PostgreSQL PostgreSQL 8.1.0
  • PostgreSQL PostgreSQL 8.1.1
  • PostgreSQL PostgreSQL 8.1.11
  • PostgreSQL PostgreSQL 8.1.18
  • PostgreSQL PostgreSQL 8.1.19
  • PostgreSQL PostgreSQL 8.1.2
  • PostgreSQL PostgreSQL 8.1.3
  • PostgreSQL PostgreSQL 8.1.4
  • PostgreSQL PostgreSQL 8.1.5
  • PostgreSQL PostgreSQL 8.1.7
  • PostgreSQL PostgreSQL 8.1.8
  • PostgreSQL PostgreSQL 8.1.9
  • PostgreSQL PostgreSQL 8.2.0
  • PostgreSQL PostgreSQL 8.2.14
  • PostgreSQL PostgreSQL 8.2.15
  • PostgreSQL PostgreSQL 8.2.2
  • PostgreSQL PostgreSQL 8.2.3
  • PostgreSQL PostgreSQL 8.2.4
  • PostgreSQL PostgreSQL 8.2.6
  • PostgreSQL PostgreSQL 8.3
  • PostgreSQL PostgreSQL 8.3.6
  • PostgreSQL PostgreSQL 8.3.8
  • PostgreSQL PostgreSQL 8.3.9
  • PostgreSQL PostgreSQL 8.4
  • PostgreSQL PostgreSQL 8.4.1
  • Red Hat Desktop 3.0.0
  • Red Hat Enterprise Linux 5 server
  • Red Hat Enterprise Linux AS 3
  • Red Hat Enterprise Linux AS 4
  • Red Hat Enterprise Linux Desktop 5 client
  • Red Hat Enterprise Linux Desktop Workstation 5 client
  • Red Hat Enterprise Linux Desktop version 4
  • Red Hat Enterprise Linux ES 3
  • Red Hat Enterprise Linux ES 4
  • Red Hat Enterprise Linux WS 3
  • Red Hat Enterprise Linux WS 4
  • SuSE Linux Personal 9.1.0
  • SuSE Linux Personal 9.1.0 x86_64
  • SuSE Linux Personal 9.2.0
  • SuSE Linux Personal 9.2.0 x86_64
  • Trustix Secure Linux 2.1.0
  • Trustix Secure Linux 2.2.0
  • Turbolinux Appliance Server 1.0.0 Hosting Edition
  • Turbolinux Appliance Server 1.0.0 Workgroup Edition
  • Turbolinux Appliance Server Hosting Edition 1.0.0
  • Turbolinux Appliance Server Workgroup Edition 1.0.0
  • Turbolinux Home
  • Turbolinux Turbolinux Desktop 10.0.0
  • Turbolinux Turbolinux Server 10.0.0
  • Turbolinux Turbolinux Server 7.0.0
  • Turbolinux Turbolinux Server 8.0.0
  • Turbolinux Turbolinux Server 9.0.0
  • Turbolinux Turbolinux Workstation 7.0.0
  • Turbolinux Turbolinux Workstation 8.0.0
  • Ubuntu Ubuntu Linux 4.1.0 ia32
  • Ubuntu Ubuntu Linux 4.1.0 ia64
  • Ubuntu Ubuntu Linux 4.1.0 ppc
  • Ubuntu Ubuntu Linux 5.0.0 4 amd64
  • Ubuntu Ubuntu Linux 5.0.0 4 i386
  • Ubuntu Ubuntu Linux 5.0.0 4 powerpc

References:

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.