CVE-2009-2356

Multiple stack-based buffer overflows in the pgsqlQuery function in NullLogic Groupware 1.2.7, when PostgreSQL is used, might allow remote attackers to execute arbitrary code via input to the (1) POP3, (2) SMTP, or (3) web component that triggers a long SQL query.
Configurations

Configuration 1 (hide)

cpe:2.3:a:dan_cahill:nulllogic_groupware:1.2.7:*:*:*:*:*:*:*

History

21 Nov 2024, 01:04

Type Values Removed Values Added
References () http://www.nth-dimension.org.uk/utils/get.php?downloadsid=55 - () http://www.nth-dimension.org.uk/utils/get.php?downloadsid=55 -
References () http://www.securityfocus.com/archive/1/504737/100/0/threaded - () http://www.securityfocus.com/archive/1/504737/100/0/threaded -
References () http://www.vupen.com/english/advisories/2009/1817 - () http://www.vupen.com/english/advisories/2009/1817 -

Information

Published : 2009-07-07 23:30

Updated : 2024-11-21 01:04


NVD link : CVE-2009-2356

Mitre link : CVE-2009-2356

CVE.ORG link : CVE-2009-2356


JSON object : View

Products Affected

dan_cahill

  • nulllogic_groupware
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer