• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

PostgreSQL String Pad Function Buffer Overflow Vulnerability

A buffer overflow vulnerability has been reported for PostgreSQL. Reportedly, PostgreSQL doesn't properly handle overly large integer arguments given to the lpad() and rpad() funtions. The functions are lpad() and rpad() found in the file, src/backend/utils/adt/oracle_compat.c, and serve to pad an existing text string with another up to a given length.

This vulnerability only affects data bases that were created using special international encodings. For example, databases that were created using a 'UNICODE' encoding are vulnerable to this issue.