CVE-2016-0773

Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 9.1.20 PostgreSQL versions 9.2.x prior to 9.2.15 PostgreSQL versions 9.3.x prior to 9.3.11 PostgreSQL versions 9.4.x prior to 9.4.6 PostgreSQL versions 9.5.x prior to 9.5.1

Description The issue allows remote attackers to cause a denial of service, potentially resulting in an infinite loop or buffer overflow and crash, via a large Unicode character range in a regular expression. This can be exploited by an attacker to disrupt service. The problem is caused by an unchecked regex that can crash the server.

Recommendations For PostgreSQL versions prior to 9.1.20, update to version 9.1.20 or later. For PostgreSQL versions 9.2.x prior to 9.2.15, update to version 9.2.15 or later. For PostgreSQL versions 9.3.x prior to 9.3.11, update to version 9.3.11 or later. For PostgreSQL versions 9.4.x prior to 9.4.6, update to version 9.4.6 or later. For PostgreSQL versions 9.5.x prior to 9.5.1, update to version 9.5.1 or later. As a temporary workaround, consider restricting the use of regular expressions containing large Unicode character ranges until a patch is applied.