PT-2017-3859 · Postgresql+2 · Postgresql+2
Publicado
2017-09-11
·
Atualizado
2026-01-30
·
CVE-2017-15098
CVSS v2.0
8.5
Alta
| Vetor | AV:N/AC:L/Au:S/C:C/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
PostgreSQL versions 10.x before 10.1
PostgreSQL versions 9.6.x before 9.6.6
PostgreSQL versions 9.5.x before 9.5.10
PostgreSQL versions 9.4.x before 9.4.15
PostgreSQL versions 9.3.x before 9.3.20
Description
The issue is related to invalid
json populate recordset or jsonb populate recordset function calls in PostgreSQL, which can cause the server to crash or disclose a few bytes of server memory. This is due to a lack of protection for internal data. An attacker can exploit this issue to cause a denial of service or gain unauthorized access to protected information.Recommendations
For PostgreSQL versions 10.x before 10.1, update to version 10.1 or later.
For PostgreSQL versions 9.6.x before 9.6.6, update to version 9.6.6 or later.
For PostgreSQL versions 9.5.x before 9.5.10, update to version 9.5.10 or later.
For PostgreSQL versions 9.4.x before 9.4.15, update to version 9.4.15 or later.
For PostgreSQL versions 9.3.x before 9.3.20, update to version 9.3.20 or later.
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Postgresql
Suse
Ubuntu