Vigil@nce: PostgreSQL, denial of service via JOIN
March 2010 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
An authenticated attacker can create a query containing numerous
JOINs, in order to stop PostgreSQL.
Severity: 1/4
Consequences: denial of service
Provenance: user account
Means of attack: 1 attack
Ability of attacker: technician (2/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 10/03/2010
IMPACTED PRODUCTS
– PostgreSQL
DESCRIPTION OF THE VULNERABILITY
The JOIN directive of the SQL language is used to create a join
between two tables.
When a join is performed on an indexed field of a table, the
ExecChooseHashTableSize() function in the src/backend/executor/nodeHash.c
file estimates the required memory size with a multiplication.
However, this multiplication can overflow, which corrupts
memory.
An authenticated attacker can therefore create a query containing
numerous JOINs, in order to stop PostgreSQL.
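The class of bug described above, as an added C example that is not PostgreSQL source and not part of the original advisory: a 32-bit size estimate that wraps, next to a checked form and a batching fallback. All function names, the 1 GiB budget and the input figures are assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical sizing helpers for illustration; not PostgreSQL source. */

/* Unchecked estimate: the 32-bit product wraps silently on large inputs,
 * so a buffer sized from it can be smaller than the data written into it. */
uint32_t estimate_bytes_unchecked(uint32_t ntuples, uint32_t tuple_width)
{
    return ntuples * tuple_width;
}

/* Checked estimate: refuse any product that would exceed max_bytes
 * (and therefore any product that would wrap). */
bool estimate_bytes_checked(uint32_t ntuples, uint32_t tuple_width,
                            uint32_t max_bytes, uint32_t *out)
{
    if (tuple_width != 0 && ntuples > max_bytes / tuple_width)
        return false;
    *out = ntuples * tuple_width;
    return true;
}

/* When the estimate does not fit the budget, split the work into a
 * power-of-two number of batches instead of sizing one huge table.
 * 64-bit arithmetic keeps the intermediate product exact. */
uint32_t choose_batches(uint32_t ntuples, uint32_t tuple_width,
                        uint32_t budget_bytes)
{
    uint64_t total = (uint64_t) ntuples * tuple_width;
    uint32_t nbatch = 1;
    while (nbatch < (1u << 30) && total / nbatch > budget_bytes)
        nbatch <<= 1;
    return nbatch;
}

int main(void)
{
    uint32_t n = 100000000u, w = 64u, out = 0; /* constructed row estimate */
    printf("unchecked: %u bytes\n", (unsigned) estimate_bytes_unchecked(n, w));
    printf("checked ok: %d\n", estimate_bytes_checked(n, w, 1u << 30, &out));
    printf("batches: %u\n", (unsigned) choose_batches(n, w, 1u << 30));
    return 0;
}
```

With the constructed input, the true size is 6,400,000,000 bytes, but the unchecked routine reports about 2.1 GB; the checked routine rejects the request and the batching routine splits it into 8 parts.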
CHARACTERISTICS
Identifiers: 30 Oct 2009 15:03:50, 5145, 546621, BID-38619,
VIGILANCE-VUL-9510
http://vigilance.fr/vulnerability/PostgreSQL-denial-of-service-via-JOIN-9510