Description
The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service (daemon crash) or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT statement that contains a call to the substring function for a bit string, related to an "overflow."
Remediation
References
Related Vulnerabilities
MediaWiki Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2021-42040)
WordPress Plugin Mapwiz SQL Injection (1.0.1)
MySQL CVE-2021-35637 Vulnerability (CVE-2021-35637)
MySQL CVE-2021-35610 Vulnerability (CVE-2021-35610)
Oracle Database Server CVE-2014-6467 Vulnerability (CVE-2014-6467)