PT-2015-4538 · Postgresql+4 · Postgresql+4

Marko Tiikkaja

+1

·

Published

2015-02-05

·

Updated

2024-06-15

·

CVE-2015-0243

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions PostgreSQL versions 9.0.0 through 9.0.18 PostgreSQL versions 9.1.x before 9.1.15 PostgreSQL versions 9.2.x before 9.2.10 PostgreSQL versions 9.3.x before 9.3.6 PostgreSQL versions 9.4.x before 9.4.1
Description The issue is related to multiple buffer overflows in the contrib/pgcrypto module of PostgreSQL, allowing remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. This is due to memory errors in functions within the pgcrypto extension.
Recommendations For PostgreSQL versions 9.0.0 through 9.0.18, update to version 9.0.19 or later. For PostgreSQL versions 9.1.x before 9.1.15, update to version 9.1.15 or later. For PostgreSQL versions 9.2.x before 9.2.10, update to version 9.2.10 or later. For PostgreSQL versions 9.3.x before 9.3.6, update to version 9.3.6 or later. For PostgreSQL versions 9.4.x before 9.4.1, update to version 9.4.1 or later.

Fix

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-120

Related Identifiers

CESA-2015_0750
CVE-2015-0243
DLA-152-1
DSA-3155-1
MGASA-2015-0069
OPENSUSE-SU-2024:10256-1
RHSA-2015:0699
RHSA-2015:0750
RHSA-2015:0856
RHSA-2015_0750
SUSE-SU-2015:0478-1
USN-2499-1

Affected Products

Centos
Postgresql
Red Hat
Suse
Ubuntu