Vulnerability details: VCID-v5va-w3xr-aaac
Vulnerability ID VCID-v5va-w3xr-aaac
Aliases CVE-2010-0442
Summary CVE-2010-0442 postgresql: substring() negative length argument buffer overflow
Status Published
Exploitability 2.0
Weighted Severity 6.2
Risk 10.0
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2010:0427
rhas Moderate https://access.redhat.com/errata/RHSA-2010:0428
rhas Moderate https://access.redhat.com/errata/RHSA-2010:0429
epss 0.13526 https://api.first.org/data/v1/epss?cve=CVE-2010-0442
epss 0.16189 https://api.first.org/data/v1/epss?cve=CVE-2010-0442
epss 0.28435 https://api.first.org/data/v1/epss?cve=CVE-2010-0442
epss 0.72490 https://api.first.org/data/v1/epss?cve=CVE-2010-0442
epss 0.95606 https://api.first.org/data/v1/epss?cve=CVE-2010-0442
cvssv2 6.5 https://nvd.nist.gov/vuln/detail/CVE-2010-0442
Reference id Reference type URL
http://archives.postgresql.org/pgsql-committers/2010-01/msg00125.php
http://archives.postgresql.org/pgsql-hackers/2010-01/msg00634.php
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567058
http://git.postgresql.org/gitweb?p=postgresql.git;a=commit;h=75dea10196c31d98d98c0bafeeb576ae99c09b12
http://git.postgresql.org/gitweb?p=postgresql.git;a=commit;h=b15087cb39ca9e4bde3c8920fcee3741045d2b83
http://intevydis.blogspot.com/2010/01/postgresql-8023-bitsubstr-overflow.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0442.json
https://api.first.org/data/v1/epss?cve=CVE-2010-0442
https://bugzilla.redhat.com/show_bug.cgi?id=559194
https://bugzilla.redhat.com/show_bug.cgi?id=559259
http://secunia.com/advisories/39566
http://secunia.com/advisories/39820
http://secunia.com/advisories/39939
http://securitytracker.com/id?1023510
https://exchange.xforce.ibmcloud.com/vulnerabilities/55902
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9720
http://ubuntu.com/usn/usn-933-1
http://www.debian.org/security/2010/dsa-2051
http://www.mandriva.com/security/advisories?name=MDVSA-2010:103
http://www.openwall.com/lists/oss-security/2010/01/27/5
http://www.redhat.com/support/errata/RHSA-2010-0427.html
http://www.redhat.com/support/errata/RHSA-2010-0428.html
http://www.redhat.com/support/errata/RHSA-2010-0429.html
http://www.securityfocus.com/bid/37973
http://www.vupen.com/english/advisories/2010/1022
http://www.vupen.com/english/advisories/2010/1197
http://www.vupen.com/english/advisories/2010/1207
http://www.vupen.com/english/advisories/2010/1221
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.23:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:postgresql:postgresql:8.0.23:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.1.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:postgresql:postgresql:8.1.11:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.3.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:postgresql:postgresql:8.3.8:*:*:*:*:*:*:*
CVE-2010-0442 https://nvd.nist.gov/vuln/detail/CVE-2010-0442
CVE-2010-0442;OSVDB-62129 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33571.txt
CVE-2010-0442;OSVDB-62129 Exploit https://www.securityfocus.com/bid/37973/info
GLSA-201110-22 https://security.gentoo.org/glsa/201110-22
RHSA-2010:0427 https://access.redhat.com/errata/RHSA-2010:0427
RHSA-2010:0428 https://access.redhat.com/errata/RHSA-2010:0428
RHSA-2010:0429 https://access.redhat.com/errata/RHSA-2010:0429
USN-933-1 https://usn.ubuntu.com/933-1/
Data source Exploit-DB
Date added Jan. 27, 2010
Description PostgreSQL - 'bitsubstr' Buffer Overflow
Ransomware campaign use Known
Source publication date Jan. 27, 2010
Exploit type dos
Platform linux
Source update date May 29, 2014
Source URL https://www.securityfocus.com/bid/37973/info
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2010-0442
Exploit Prediction Scoring System (EPSS)
Percentile 0.93614
EPSS Score 0.13526
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.