Marko Tiikkaja

**Name of the Vulnerable Software and Affected Versions** PostgreSQL versions 9.0.0 through 9.0.18 PostgreSQL versions 9.1.x before 9.1.15 PostgreSQL versions 9.2.x before 9.2.10 PostgreSQL versions 9.3.x before 9.3.6 PostgreSQL versions 9.4.x before 9.4.1 **Description** The issue is related to multiple buffer overflows in the contrib/pgcrypto module of PostgreSQL, allowing remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. This is due to memory errors in functions within the pgcrypto extension. **Recommendations** For PostgreSQL versions 9.0.0 through 9.0.18, update to version 9.0.19 or later. For PostgreSQL versions 9.1.x before 9.1.15, update to version 9.1.15 or later. For PostgreSQL versions 9.2.x before 9.2.10, update to version 9.2.10 or later. For PostgreSQL versions 9.3.x before 9.3.6, update to version 9.3.6 or later. For PostgreSQL versions 9.4.x before 9.4.1, update to version 9.4.1 or later.