News
Vigil@nce: PostgreSQL, denial of service via JOIN
March 2010 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
An authenticated attacker can create a query containing numerous JOINs, in order to stop PostgreSQL.
Severity: 1/4
Consequences: denial of service of service
Provenance: user account
Means of attack: 1 attack
Ability of attacker: technician (2/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 10/03/2010
IMPACTED PRODUCTS
PostgreSQL
DESCRIPTION OF THE VULNERABILITY
The JOIN directive of the SQL language is used to create a join between two tables.
When a join is done on an indexed field of a table, the ExecChooseHashTableSize() function of the src/backend/executor/nodeHash.c file estimates the required memory size via a multiplication. However, this multiplication can overflow, which corrupts the memory.
An authenticated attacker can therefore create a query containing numerous JOINs, in order to stop PostgreSQL.
CHARACTERISTICS
Identifiers: 30 Oct 2009 15:03:50, 5145, 546621, BID-38619, VIGILANCE-VUL-9510
