CVE-2015-0242

Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 9.0.19 PostgreSQL versions 9.1.x prior to 9.1.15 PostgreSQL versions 9.2.x prior to 9.2.10 PostgreSQL versions 9.3.x prior to 9.3.6 PostgreSQL versions 9.4.x prior to 9.4.1

Description A stack-based buffer overflow in the *printf function implementations in PostgreSQL, when running on a Windows system, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a floating point number with a large precision, as demonstrated by using the to char function.

Recommendations For PostgreSQL versions prior to 9.0.19, update to version 9.0.19 or later. For PostgreSQL versions 9.1.x prior to 9.1.15, update to version 9.1.15 or later. For PostgreSQL versions 9.2.x prior to 9.2.10, update to version 9.2.10 or later. For PostgreSQL versions 9.3.x prior to 9.3.6, update to version 9.3.6 or later. For PostgreSQL versions 9.4.x prior to 9.4.1, update to version 9.4.1 or later. As a temporary workaround, consider restricting the use of the to char function until a patch is available.