Unrated severityNVD Advisory· Published Jan 9, 2008· Updated Apr 23, 2026

CVE-2007-4769

Description

The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number.

Affected products

PostgreSQL/PostgreSQL56 versions
cpe:2.3:a:postgresql:postgresql:7.3:*:*:*:*:*:*:*+ 55 more
- cpe:2.3:a:postgresql:postgresql:7.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3.10:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3.11:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3.12:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3.13:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3.14:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3.15:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3.16:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3.19:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.3.9:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.11:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.12:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.13:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.14:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.16:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.17:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.317:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.2.4:*:*:*:*:*:*:*
Tcl Tk/Tcl Tk
cpe:2.3:a:tcl_tk:tcl_tk:*:*:*:*:*:*:*:*
Range: <=8.4.16

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/27163nvdPatch
secunia.com/advisories/28359nvdVendor Advisory
secunia.com/advisories/28376nvdVendor Advisory
secunia.com/advisories/28437nvdVendor Advisory
secunia.com/advisories/28438nvdVendor Advisory
secunia.com/advisories/28454nvdVendor Advisory
secunia.com/advisories/28455nvdVendor Advisory
secunia.com/advisories/28464nvdVendor Advisory
secunia.com/advisories/28479nvdVendor Advisory
secunia.com/advisories/28679nvdVendor Advisory
secunia.com/advisories/28698nvdVendor Advisory
secunia.com/advisories/29638nvdVendor Advisory
www.vupen.com/english/advisories/2008/0061nvdVendor Advisory
www.vupen.com/english/advisories/2008/0109nvdVendor Advisory
h20000.www2.hp.com/bizsupport/TechSupport/Document.jspnvd
lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.htmlnvd
secunia.com/advisories/28477nvd
security.gentoo.org/glsa/glsa-200801-15.xmlnvd
securitytracker.com/idnvd
sourceforge.net/project/shownotes.phpnvd
sourceforge.net/tracker/index.phpnvd
sunsolve.sun.com/search/document.donvd
sunsolve.sun.com/search/document.donvd
www.debian.org/security/2008/dsa-1460nvd
www.debian.org/security/2008/dsa-1463nvd
www.mandriva.com/security/advisoriesnvd
www.postgresql.org/about/news.905nvd
www.redhat.com/support/errata/RHSA-2008-0038.htmlnvd
www.redhat.com/support/errata/RHSA-2008-0040.htmlnvd
www.securityfocus.com/archive/1/485864/100/0/threadednvd
www.securityfocus.com/archive/1/486407/100/0/threadednvd
www.vupen.com/english/advisories/2008/1071/referencesnvd
exchange.xforce.ibmcloud.com/vulnerabilities/39499nvd
issues.rpath.com/browse/RPL-1768nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9804nvd
usn.ubuntu.com/568-1/nvd
www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.htmlnvd
www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000