PT-2015-2594 · Postgresql+4
Josh Kupershmidt · Published 2015-10-08 · Updated 2024-06-15
CVE-2015-5288
CVSS v2.0: 6.4 (Medium)
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
PostgreSQL versions prior to 9.0.23
PostgreSQL versions 9.1.x prior to 9.1.19
PostgreSQL versions 9.2.x prior to 9.2.14
PostgreSQL versions 9.3.x prior to 9.3.10
PostgreSQL versions 9.4.x prior to 9.4.5
Description
The vulnerability is in the crypt() function of the contrib/pgcrypto module of the PostgreSQL database management system, which does not properly validate the salt passed to it. A remote attacker able to call the function with a "too-short" salt can exploit this to cause a denial of service (for example, a server crash) or to read arbitrary server memory. A memory leak in crypt() is also mentioned.
Recommendations
For versions prior to 9.0.23, update to version 9.0.23 or later.
For versions 9.1.x prior to 9.1.19, update to version 9.1.19 or later.
For versions 9.2.x prior to 9.2.14, update to version 9.2.14 or later.
For versions 9.3.x prior to 9.3.10, update to version 9.3.10 or later.
For versions 9.4.x prior to 9.4.5, update to version 9.4.5 or later.
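As an added example (not part of this advisory and not PostgreSQL project code), a small Python check that maps a server's version() string and its pgcrypto extension state onto the affected ranges listed above. The two SQL strings are the queries an administrator would run to collect those inputs; the verdict strings are this example's own.

```python
import re

# Added example, not code from the advisory or from the PostgreSQL project.
# First fixed release of each affected 9.x branch named in the advisory.
FIXED_IN = {
    (9, 1): (9, 1, 19),
    (9, 2): (9, 2, 14),
    (9, 3): (9, 3, 10),
    (9, 4): (9, 4, 5),
}
# "PostgreSQL versions prior to 9.0.23": everything below this, 8.x included.
LEGACY_FIXED = (9, 0, 23)

# Queries an administrator runs to collect the two inputs assess() needs.
# pg_extension exists from 9.1 on; on 9.0 pgcrypto was loaded from a SQL
# script, so look for its functions in pg_proc instead.
VERSION_SQL = "SELECT version();"
PGCRYPTO_SQL = "SELECT 1 FROM pg_extension WHERE extname = 'pgcrypto';"


def parse_version(text):
    """Extract the numeric version from 'PostgreSQL 9.3.7 on x86_64 ...'."""
    m = re.search(r"(\d+(?:\.\d+)+)", text)
    if not m:
        raise ValueError("no version number found in: %r" % text)
    return tuple(int(p) for p in m.group(1).split("."))


def is_affected(version_text):
    """True if the reported version falls inside a range the advisory lists."""
    v = parse_version(version_text)
    if v[:2] in FIXED_IN:
        # A missing patch level ("9.3") sorts before (9, 3, 10) and is
        # therefore reported as affected: the conservative reading.
        return v < FIXED_IN[v[:2]]
    # 9.5+ and 10+ are newer than any listed range; 9.0.x and older are legacy.
    return v < LEGACY_FIXED


def assess(version_text, pgcrypto_installed):
    """Combine version and extension state into an actionable verdict."""
    if not is_affected(version_text):
        return "not affected"
    if pgcrypto_installed:
        return "affected: upgrade to the fixed release for this branch"
    return "affected version, pgcrypto not installed: upgrade at next window"
```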
Fix
DoS
Information Disclosure
Affected Products
Centos
Postgresql
Red Hat
Suse
Ubuntu