Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2010-0442

The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service (daemon crash) or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT statement that contains a call to the substring function for a bit string, related to an "overflow."

Security Impact Summary

CVE-2010-0442 is a security vulnerability that . Impacting 1 product from postgresql organizations running these solutions should prioritize assessment and patching.

Historical Context

Documented in 2010, this vulnerability occurred amid the cloud computing expansion era, where traditional network perimeter security models were being reevaluated. Organizations were transitioning from isolated infrastructure to interconnected systems, creating new attack surfaces that vulnerabilities like this could exploit.

Published

2010-02-02T18:30:00.360

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-189

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	postgresql	postgresql	< 7.4.28	Yes
Application	postgresql	postgresql	< 8.0.24	Yes
Application	postgresql	postgresql	< 8.1.20	Yes
Application	postgresql	postgresql	< 8.2.16	Yes
Application	postgresql	postgresql	< 8.3.10	Yes
Application	postgresql	postgresql	< 8.4.3	Yes

References

http://archives.postgresql.org/pgsql-committers/2010-01/msg00125.php Vendor Advisory ([email protected])
http://archives.postgresql.org/pgsql-hackers/2010-01/msg00634.php Vendor Advisory ([email protected])
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567058 Third Party Advisory ([email protected])
http://git.postgresql.org/gitweb?p=postgresql.git%3Ba=commit%3Bh=75dea10196c31d98d98c0bafeeb576ae99c09b12 Vendor Advisory ([email protected])
http://git.postgresql.org/gitweb?p=postgresql.git%3Ba=commit%3Bh=b15087cb39ca9e4bde3c8920fcee3741045d2b83 Vendor Advisory ([email protected])
http://intevydis.blogspot.com/2010/01/postgresql-8023-bitsubstr-overflow.html Third Party Advisory ([email protected])
http://secunia.com/advisories/39566 Broken Link ([email protected])
http://secunia.com/advisories/39820 Broken Link ([email protected])
http://secunia.com/advisories/39939 Broken Link ([email protected])
http://securitytracker.com/id?1023510 Third Party Advisory, VDB Entry ([email protected])
http://ubuntu.com/usn/usn-933-1 Third Party Advisory ([email protected])
http://www.debian.org/security/2010/dsa-2051 Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2010:103 Broken Link ([email protected])
http://www.openwall.com/lists/oss-security/2010/01/27/5 Mailing List, Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2010-0427.html Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2010-0428.html Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2010-0429.html Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/37973 Exploit, Third Party Advisory, VDB Entry ([email protected])
http://www.vupen.com/english/advisories/2010/1022 Permissions Required ([email protected])
http://www.vupen.com/english/advisories/2010/1197 Permissions Required ([email protected])
http://www.vupen.com/english/advisories/2010/1207 Permissions Required ([email protected])
http://www.vupen.com/english/advisories/2010/1221 Permissions Required ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=559194 Issue Tracking, Third Party Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=559259 Issue Tracking, Third Party Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/55902 Third Party Advisory, VDB Entry ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9720 Third Party Advisory ([email protected])
http://archives.postgresql.org/pgsql-committers/2010-01/msg00125.php Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://archives.postgresql.org/pgsql-hackers/2010-01/msg00634.php Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567058 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://git.postgresql.org/gitweb?p=postgresql.git%3Ba=commit%3Bh=75dea10196c31d98d98c0bafeeb576ae99c09b12 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://git.postgresql.org/gitweb?p=postgresql.git%3Ba=commit%3Bh=b15087cb39ca9e4bde3c8920fcee3741045d2b83 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://intevydis.blogspot.com/2010/01/postgresql-8023-bitsubstr-overflow.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/39566 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/39820 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/39939 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1023510 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://ubuntu.com/usn/usn-933-1 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2010/dsa-2051 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2010:103 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2010/01/27/5 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2010-0427.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2010-0428.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2010-0429.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/37973 Exploit, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/1022 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/1197 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/1207 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/1221 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=559194 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=559259 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/55902 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9720 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For postgresql's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.