CVE-2009-2356
Published Jul 7, 2009
Last updated 6 years ago
Overview
- Description
- Multiple stack-based buffer overflows in the pgsqlQuery function in NullLogic Groupware 1.2.7, when PostgreSQL is used, might allow remote attackers to execute arbitrary code via input to the (1) POP3, (2) SMTP, or (3) web component that triggers a long SQL query.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 9.3
- Impact score
- 10
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-119
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dan_cahill:nulllogic_groupware:1.2.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2C7AD5C6-C4CF-4F21-9ED1-CFAF8859C384"
}
],
"operator": "OR"
}
]
}
]