PostgreSQL Error Message Conversion Remote DoS

Medium Nessus Network Monitor Plugin ID 4957


The remote host is vulnerable to a Denial of Service (DoS) attack.


This version of PostgreSQL is vulnerable to a denial of service when processing malformed SQL statements. To exploit this flaw, an attacker would need a valid account and the ability to execute custom queries. Successful exploitation would result in the attacker shutting down the database.


Upgrade to version 7.4.24, 8.0.20, 8.1.16, 8.2.12, 8.3.6 or higher.

Plugin Details

Severity: Medium

ID: 4957

File Name: 4957.prm

Family: Database

Published: 2009/03/12

Modified: 2016/01/30

Dependencies: 8703, 8704

Risk Information

Risk Factor: Medium


CVSS v2

Base Score: 4

Temporal Score: 3.3

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C


CVSS v3

Base Score: 4.3

Temporal Score: 4


Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:postgresql:postgresql

Reference Information

CVE: CVE-2009-0922

BID: 34090

OSVDB: 54512