Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states.
2008-01-09T21:46:00.000
2025-04-09T00:30:58.490
Deferred
CVSSv2: 6.8 (MEDIUM)
AV:N/AC:L/Au:S/C:N/I:N/A:C
8.0
6.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | postgresql | postgresql | 7.3 | Yes |
| Application | postgresql | postgresql | 7.3.1 | Yes |
| Application | postgresql | postgresql | 7.3.2 | Yes |
| Application | postgresql | postgresql | 7.3.3 | Yes |
| Application | postgresql | postgresql | 7.3.4 | Yes |
| Application | postgresql | postgresql | 7.3.6 | Yes |
| Application | postgresql | postgresql | 7.3.8 | Yes |
| Application | postgresql | postgresql | 7.3.9 | Yes |
| Application | postgresql | postgresql | 7.3.10 | Yes |
| Application | postgresql | postgresql | 7.3.11 | Yes |
| Application | postgresql | postgresql | 7.3.12 | Yes |
| Application | postgresql | postgresql | 7.3.13 | Yes |
| Application | postgresql | postgresql | 7.3.14 | Yes |
| Application | postgresql | postgresql | 7.3.15 | Yes |
| Application | postgresql | postgresql | 7.3.16 | Yes |
| Application | postgresql | postgresql | 7.3.19 | Yes |
| Application | postgresql | postgresql | 7.4 | Yes |
| Application | postgresql | postgresql | 7.4.1 | Yes |
| Application | postgresql | postgresql | 7.4.2 | Yes |
| Application | postgresql | postgresql | 7.4.3 | Yes |
| Application | postgresql | postgresql | 7.4.4 | Yes |
| Application | postgresql | postgresql | 7.4.5 | Yes |
| Application | postgresql | postgresql | 7.4.6 | Yes |
| Application | postgresql | postgresql | 7.4.7 | Yes |
| Application | postgresql | postgresql | 7.4.8 | Yes |
| Application | postgresql | postgresql | 7.4.9 | Yes |
| Application | postgresql | postgresql | 7.4.10 | Yes |
| Application | postgresql | postgresql | 7.4.11 | Yes |
| Application | postgresql | postgresql | 7.4.12 | Yes |
| Application | postgresql | postgresql | 7.4.13 | Yes |
| Application | postgresql | postgresql | 7.4.14 | Yes |
| Application | postgresql | postgresql | 7.4.16 | Yes |
| Application | postgresql | postgresql | 7.4.17 | Yes |
| Application | postgresql | postgresql | 8.0 | Yes |
| Application | postgresql | postgresql | 8.0.1 | Yes |
| Application | postgresql | postgresql | 8.0.2 | Yes |
| Application | postgresql | postgresql | 8.0.3 | Yes |
| Application | postgresql | postgresql | 8.0.4 | Yes |
| Application | postgresql | postgresql | 8.0.5 | Yes |
| Application | postgresql | postgresql | 8.0.7 | Yes |
| Application | postgresql | postgresql | 8.0.8 | Yes |
| Application | postgresql | postgresql | 8.0.9 | Yes |
| Application | postgresql | postgresql | 8.0.11 | Yes |
| Application | postgresql | postgresql | 8.0.13 | Yes |
| Application | postgresql | postgresql | 8.0.317 | Yes |
| Application | postgresql | postgresql | 8.1.1 | Yes |
| Application | postgresql | postgresql | 8.1.3 | Yes |
| Application | postgresql | postgresql | 8.1.4 | Yes |
| Application | postgresql | postgresql | 8.1.5 | Yes |
| Application | postgresql | postgresql | 8.1.7 | Yes |
| Application | postgresql | postgresql | 8.1.8 | Yes |
| Application | postgresql | postgresql | 8.1.9 | Yes |
| Application | postgresql | postgresql | 8.2 | Yes |
| Application | postgresql | postgresql | 8.2.2 | Yes |
| Application | postgresql | postgresql | 8.2.3 | Yes |
| Application | postgresql | postgresql | 8.2.4 | Yes |
| Application | tcl_tk | tcl_tk | ≤ 8.4.16 | Yes |