Home > Vulnerability Database > CVE-2014-0062

Mend.io Vulnerability Database

CVE-2014-0062

Date: March 28, 2014

Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables by creating or deleting a table with the same name during the timing window.

Language: C

Severity Score

4.2

Related Resources (22)

Url: http://wiki.postgresql.org/wiki/20140220securityrelease

Url: http://www.ubuntu.com/usn/USN-2120-1

Url: http://secunia.com/advisories/61307

Url: http://rhn.redhat.com/errata/RHSA-2014-0211.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2014-0062

Url: http://rhn.redhat.com/errata/RHSA-2014-0469.html

Url: http://www.postgresql.org/about/news/1506/

Url: http://rhn.redhat.com/errata/RHSA-2014-0221.html

Url: http://www.securityfocus.com/bid/65727

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2014-0062

Url: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Url: http://lists.opensuse.org/opensuse-updates/2014-03/msg00038.html

Url: http://support.apple.com/kb/HT6448

Url: http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html

Url: http://lists.opensuse.org/opensuse-updates/2014-03/msg00018.html

Url: http://rhn.redhat.com/errata/RHSA-2014-0249.html

Url: https://support.apple.com/kb/HT6536

Url: http://www.debian.org/security/2014/dsa-2865

Url: https://access.redhat.com/security/cve/CVE-2014-0062

Url: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

Url: http://www.debian.org/security/2014/dsa-2864

Url: https://www.mend.io/vulnerability-database/CVE-2014-0062

Severity Score

4.2

Weakness Type (CWE)

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-362

CVSS v3.1

Base Score:	4.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.9
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	SINGLE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2014-0062

Date: March 28, 2014

Language: C

Severity Score

Related Resources (22)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?