• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

PostgreSQL To_Ascii() Buffer Overflow Vulnerability

PostgreSQL is reported prone to a buffer overflow vulnerability, which presents itself in the PostgreSQL to_ascii() function. The to_ascii() function is normally used to convert text from multibyte encoding format to ASCII.

It has been conjectured that excessive data passed to the to_ascii() function may overrun the bounds of an insufficient buffer reserved in heap based memory. This may result in the corruption of heap based memory management structures that are adjacent to the affected buffer. Although unconfirmed, it is currently believed that under the correct circumstances an attacker may leverage this condition to execute arbitrary instructions in the context of the affected service.

Other ADT (abstract data type) to_ascii_xxx() conversion functions are similarly affected.