PT-2015-1387 · Postgresql+4 · Postgresql+4
Benkocs Norbert Attila
·
Published
2015-05-22
·
Updated
2024-06-15
·
CVE-2015-3165
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
PostgreSQL versions 9.0.x through 9.0.19
PostgreSQL versions 9.1.x through 9.1.15
PostgreSQL versions 9.2.x through 9.2.10
PostgreSQL versions 9.3.x through 9.3.6
PostgreSQL versions 9.4.x through 9.4.1
Description
The issue is related to a double free vulnerability that allows remote attackers to cause a denial of service by closing an SSL session at a specific time during the session shutdown sequence. This can lead to a crash. The estimated number of potentially affected devices and details about real-world incidents are not provided.
Recommendations
For PostgreSQL versions 9.0.x through 9.0.19, update to version 9.0.20 or later.
For PostgreSQL versions 9.1.x through 9.1.15, update to version 9.1.16 or later.
For PostgreSQL versions 9.2.x through 9.2.10, update to version 9.2.11 or later.
For PostgreSQL versions 9.3.x through 9.3.6, update to version 9.3.7 or later.
For PostgreSQL versions 9.4.x through 9.4.1, update to version 9.4.2 or later.
Fix
Double Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Centos
Postgresql
Red Hat
Suse
Ubuntu