Bruce Momjian

**Name of the Vulnerable Software and Affected Versions** PostgreSQL versions 9.0.x through 9.0.18 PostgreSQL versions 9.1.x through 9.1.14 PostgreSQL versions 9.2.x through 9.2.9 PostgreSQL versions 9.3.x through 9.3.5 PostgreSQL versions 9.4.x through 9.4.0 **Description** The issue allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via a large number of digits when processing a numeric formatting template, which triggers a buffer over-read, or a crafted timestamp formatting template, which triggers a buffer overflow. **Recommendations** For PostgreSQL versions 9.0.x through 9.0.18, update to version 9.0.19 or later. For PostgreSQL versions 9.1.x through 9.1.14, update to version 9.1.15 or later. For PostgreSQL versions 9.2.x through 9.2.9, update to version 9.2.10 or later. For PostgreSQL versions 9.3.x through 9.3.5, update to version 9.3.6 or later. For PostgreSQL versions 9.4.x through 9.4.0, update to version 9.4.1 or later.