CVE-2007-4639

MEDIUM Year: 2007
CVSS v2 Score
6.5
Medium
Weakness Type
CWE-824
View all →

Vulnerability Description

EnterpriseDB Advanced Server 8.2 does not properly handle certain debugging function calls that occur before a call to pldbg_create_listener, which allows remote authenticated users to cause a denial of service (daemon crash) and possibly execute arbitrary code via a SELECT statement that invokes a pldbg_ function, as demonstrated by (1) pldbg_get_stack and (2) pldbg_abort_target, which triggers use of an uninitialized pointer.

Related Vulnerabilities

CVE-2017-12561

CRITICAL
CVSS:9.8(Critical)

A remote code execution vulnerability in HPE intelligent Management Center (iMC) PLAT version Plat 7.3 E0504P4 and earlier was found.

CWE-8242017

CVE-2018-11743

CRITICAL
CVSS:9.8(Critical)

The init_copy function in kernel.c in mruby 1.4.1 makes initialize_copy calls for TT_ICLASS objects, which allows attackers to cause a denial of service (mrb_hash_keys uninitialized pointer and applic...

CWE-8242018

CVE-2018-14356

CRITICAL
CVSS:9.8(Critical)

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c mishandles a zero-length UID.

CWE-8242018

CVE-2020-11138

CRITICAL
CVSS:9.8(Critical)

Uninitialized pointers accessed during music play back with incorrect bit stream due to an uninitialized heap memory result in instability in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivi...

CWE-8242020

CVE-2020-17446

CRITICAL
CVSS:9.8(Critical)

asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, because of access to an uninitialized poin...

CWE-8242020

CVE-2020-25573

CRITICAL
CVSS:9.8(Critical)

An issue was discovered in the linked-hash-map crate before 0.5.3 for Rust. It creates an uninitialized NonNull pointer, which violates a non-null constraint.

CWE-8242020