{
  "threat_severity" : "Important",
  "public_date" : "2014-02-17T00:00:00Z",
  "bugzilla" : {
    "description" : "postgresql: integer overflows leading to buffer overflows",
    "id" : "1065230",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1065230"
  },
  "cvss" : {
    "cvss_base_score" : "6.5",
    "cvss_scoring_vector" : "AV:N/AC:L/Au:S/C:P/I:P/A:P",
    "status" : "verified"
  },
  "cwe" : "CWE-190",
  "details" : [ "Multiple integer overflows in the path_in and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, which trigger a buffer overflow.  NOTE: this identifier has been SPLIT due to different affected versions; use CVE-2014-2669 for the hstore vector." ],
  "acknowledgement" : "Red Hat would like to thank PostgreSQL project for reporting this issue. Upstream acknowledges Heikki Linnakangas and Noah Misch as the original reporters.",
  "affected_release" : [ {
    "product_name" : "CloudForms Management Engine 5.x",
    "release_date" : "2014-05-12T00:00:00Z",
    "advisory" : "RHSA-2014:0469",
    "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5::el6",
    "package" : "cfme-0:5.2.3.2-1.el6cf"
  }, {
    "product_name" : "CloudForms Management Engine 5.x",
    "release_date" : "2014-05-12T00:00:00Z",
    "advisory" : "RHSA-2014:0469",
    "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5::el6",
    "package" : "postgresql92-postgresql-0:9.2.7-1.1.el6"
  }, {
    "product_name" : "CloudForms Management Engine 5.x",
    "release_date" : "2014-05-12T00:00:00Z",
    "advisory" : "RHSA-2014:0469",
    "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5::el6",
    "package" : "prince-0:9.0r2-4.el6cf"
  }, {
    "product_name" : "CloudForms Management Engine 5.x",
    "release_date" : "2014-05-12T00:00:00Z",
    "advisory" : "RHSA-2014:0469",
    "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5::el6",
    "package" : "ruby193-rubygem-actionpack-1:3.2.13-6.el6cf"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2014-02-25T00:00:00Z",
    "advisory" : "RHSA-2014:0211",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "postgresql84-0:8.4.20-1.el5_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2014-03-04T00:00:00Z",
    "advisory" : "RHSA-2014:0249",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "postgresql-0:8.1.23-10.el5_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2014-02-25T00:00:00Z",
    "advisory" : "RHSA-2014:0211",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "postgresql-0:8.4.20-1.el6_5"
  }, {
    "product_name" : "Red Hat Software Collections for RHEL-6",
    "release_date" : "2014-02-27T00:00:00Z",
    "advisory" : "RHSA-2014:0221",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:1::el6",
    "package" : "postgresql92-postgresql-0:9.2.7-1.1.el6"
  } ],
  "package_state" : [ {
    "product_name" : "CloudForms Management Engine 5",
    "fix_state" : "Will not fix",
    "package_name" : "postgresql",
    "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "postgresql",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2014-0064\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0064" ],
  "name" : "CVE-2014-0064",
  "csaw" : false
}