PT-2015-4536 · Postgresql+4 · Postgresql+4
Bruce Momjian
·
Publicado
2015-02-05
·
Atualizado
2024-06-15
·
CVE-2015-0241
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
PostgreSQL versions 9.0.x through 9.0.18
PostgreSQL versions 9.1.x through 9.1.14
PostgreSQL versions 9.2.x through 9.2.9
PostgreSQL versions 9.3.x through 9.3.5
PostgreSQL versions 9.4.x through 9.4.0
Description
The issue allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via a large number of digits when processing a numeric formatting template, which triggers a buffer over-read, or a crafted timestamp formatting template, which triggers a buffer overflow.
Recommendations
For PostgreSQL versions 9.0.x through 9.0.18, update to version 9.0.19 or later.
For PostgreSQL versions 9.1.x through 9.1.14, update to version 9.1.15 or later.
For PostgreSQL versions 9.2.x through 9.2.9, update to version 9.2.10 or later.
For PostgreSQL versions 9.3.x through 9.3.5, update to version 9.3.6 or later.
For PostgreSQL versions 9.4.x through 9.4.0, update to version 9.4.1 or later.
Correção
DoS
Buffer Overflow
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Centos
Postgresql
Red Hat
Suse
Ubuntu