Unrated severityNVD Advisory· Published May 2, 2005· Updated Apr 16, 2026
CVE-2005-0247
CVE-2005-0247
Description
Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier may allow attackers to execute arbitrary code via (1) a large number of variables in a SQL statement being handled by the read_sql_construct function, (2) a large number of INTO variables in a SELECT statement being handled by the make_select_stmt function, (3) a large number of arbitrary variables in a SELECT statement being handled by the make_select_stmt function, and (4) a large number of INTO variables in a FETCH statement being handled by the make_fetch_stmt function, a different set of vulnerabilities than CVE-2005-0245.
Affected products
28cpe:2.3:a:postgresql:postgresql:7.2:*:*:*:*:*:*:*+ 27 more
- cpe:2.3:a:postgresql:postgresql:7.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3.9:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.1:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
15- archives.postgresql.org/pgsql-committers/2005-02/msg00049.phpnvdPatch
- www.gentoo.org/security/en/glsa/glsa-200502-19.xmlnvdPatchVendor Advisory
- www.novell.com/linux/security/advisories/2005_27_postgresql.htmlnvdPatchVendor Advisory
- www.redhat.com/support/errata/RHSA-2005-138.htmlnvdPatchVendor Advisory
- www.redhat.com/support/errata/RHSA-2005-150.htmlnvdPatchVendor Advisory
- marc.infonvd
- www.debian.org/security/2005/dsa-683nvd
- www.mandriva.com/security/advisoriesnvd
- www.novell.com/linux/security/advisories/2005_36_sudo.htmlnvd
- www.securityfocus.com/bid/12417nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/19375nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/19376nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/19377nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/19378nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9345nvd
News mentions
0No linked articles in our index yet.