{
  "threat_severity" : "Moderate",
  "public_date" : "2014-02-17T00:00:00Z",
  "bugzilla" : {
    "description" : "postgresql: NULL pointer dereference",
    "id" : "1065236",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1065236"
  },
  "cvss" : {
    "cvss_base_score" : "4.0",
    "cvss_scoring_vector" : "AV:N/AC:L/Au:S/C:N/I:N/A:P",
    "status" : "verified"
  },
  "cwe" : "CWE-476",
  "details" : [ "The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors." ],
  "acknowledgement" : "Red Hat would like to thank PostgreSQL project for reporting this issue. Upstream acknowledges Bruce Momjian and Honza Horak as the original reporters.",
  "affected_release" : [ {
    "product_name" : "CloudForms Management Engine 5.x",
    "release_date" : "2014-05-12T00:00:00Z",
    "advisory" : "RHSA-2014:0469",
    "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5::el6",
    "package" : "cfme-0:5.2.3.2-1.el6cf"
  }, {
    "product_name" : "CloudForms Management Engine 5.x",
    "release_date" : "2014-05-12T00:00:00Z",
    "advisory" : "RHSA-2014:0469",
    "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5::el6",
    "package" : "postgresql92-postgresql-0:9.2.7-1.1.el6"
  }, {
    "product_name" : "CloudForms Management Engine 5.x",
    "release_date" : "2014-05-12T00:00:00Z",
    "advisory" : "RHSA-2014:0469",
    "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5::el6",
    "package" : "prince-0:9.0r2-4.el6cf"
  }, {
    "product_name" : "CloudForms Management Engine 5.x",
    "release_date" : "2014-05-12T00:00:00Z",
    "advisory" : "RHSA-2014:0469",
    "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5::el6",
    "package" : "ruby193-rubygem-actionpack-1:3.2.13-6.el6cf"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2014-02-25T00:00:00Z",
    "advisory" : "RHSA-2014:0211",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "postgresql84-0:8.4.20-1.el5_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2014-03-04T00:00:00Z",
    "advisory" : "RHSA-2014:0249",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "postgresql-0:8.1.23-10.el5_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2014-02-25T00:00:00Z",
    "advisory" : "RHSA-2014:0211",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "postgresql-0:8.4.20-1.el6_5"
  }, {
    "product_name" : "Red Hat Software Collections for RHEL-6",
    "release_date" : "2014-02-27T00:00:00Z",
    "advisory" : "RHSA-2014:0221",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:1::el6",
    "package" : "postgresql92-postgresql-0:9.2.7-1.1.el6"
  } ],
  "package_state" : [ {
    "product_name" : "CloudForms Management Engine 5",
    "fix_state" : "Will not fix",
    "package_name" : "postgresql",
    "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "postgresql",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2014-0066\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0066" ],
  "name" : "CVE-2014-0066",
  "csaw" : false
}