PT-2015-4538 · Postgresql+4 · Postgresql+4

Marko Tiikkaja

+1

·

Publicado

2015-02-05

·

Atualizado

2024-06-15

·

CVE-2015-0243

CVSS v3.1

8.8

Alta

VetorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions PostgreSQL versions 9.0.0 through 9.0.18 PostgreSQL versions 9.1.x before 9.1.15 PostgreSQL versions 9.2.x before 9.2.10 PostgreSQL versions 9.3.x before 9.3.6 PostgreSQL versions 9.4.x before 9.4.1
Description The issue is related to multiple buffer overflows in the contrib/pgcrypto module of PostgreSQL, allowing remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. This is due to memory errors in functions within the pgcrypto extension.
Recommendations For PostgreSQL versions 9.0.0 through 9.0.18, update to version 9.0.19 or later. For PostgreSQL versions 9.1.x before 9.1.15, update to version 9.1.15 or later. For PostgreSQL versions 9.2.x before 9.2.10, update to version 9.2.10 or later. For PostgreSQL versions 9.3.x before 9.3.6, update to version 9.3.6 or later. For PostgreSQL versions 9.4.x before 9.4.1, update to version 9.4.1 or later.

Correção

DoS

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-120

Identificadores relacionados

CESA-2015_0750
CVE-2015-0243
DLA-152-1
DSA-3155-1
MGASA-2015-0069
OPENSUSE-SU-2024:10256-1
RHSA-2015:0699
RHSA-2015:0750
RHSA-2015:0856
RHSA-2015_0750
SUSE-SU-2015:0478-1
USN-2499-1

Produtos afetados

Centos
Postgresql
Red Hat
Suse
Ubuntu