CVE-2006-5540

backend/parser/analyze.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) via certain aggregate functions in an UPDATE statement, which are not properly handled during a "MIN/MAX index optimization."

🔗 References (52)

• cve@mitreftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
• cve@mitrehttp://projects.commandprompt.com/public/pgsql/changeset/25504
• cve@mitrehttp://secunia.com/advisories/22562
• cve@mitrehttp://secunia.com/advisories/22584
• cve@mitrehttp://secunia.com/advisories/22606
• cve@mitrehttp://secunia.com/advisories/22636
• cve@mitrehttp://secunia.com/advisories/23048
• cve@mitrehttp://secunia.com/advisories/23132
• cve@mitrehttp://secunia.com/advisories/24094
• cve@mitrehttp://secunia.com/advisories/24284
• cve@mitrehttp://secunia.com/advisories/24577
• cve@mitrehttp://securitytracker.com/id?1017115
• cve@mitrehttp://support.avaya.com/elmodocs2/security/ASA-2007-117.htm
• cve@mitrehttp://support.novell.com/techcenter/psdb/59650c03a8bc5ae310cd7898bd106ad2.html
• cve@mitrehttp://www.mandriva.com/security/advisories?name=MDKSA-2006:194