PT-2017-3859 · Postgresql+2 · Postgresql+2
Published
2017-09-11
·
Updated
2026-01-30
·
CVE-2017-15098
CVSS v2.0
8.5
High
| Vector | AV:N/AC:L/Au:S/C:C/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
PostgreSQL versions 10.x before 10.1
PostgreSQL versions 9.6.x before 9.6.6
PostgreSQL versions 9.5.x before 9.5.10
PostgreSQL versions 9.4.x before 9.4.15
PostgreSQL versions 9.3.x before 9.3.20
Description
The issue is related to invalid
json populate recordset or jsonb populate recordset function calls in PostgreSQL, which can cause the server to crash or disclose a few bytes of server memory. This is due to a lack of protection for internal data. An attacker can exploit this issue to cause a denial of service or gain unauthorized access to protected information.Recommendations
For PostgreSQL versions 10.x before 10.1, update to version 10.1 or later.
For PostgreSQL versions 9.6.x before 9.6.6, update to version 9.6.6 or later.
For PostgreSQL versions 9.5.x before 9.5.10, update to version 9.5.10 or later.
For PostgreSQL versions 9.4.x before 9.4.15, update to version 9.4.15 or later.
For PostgreSQL versions 9.3.x before 9.3.20, update to version 9.3.20 or later.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Postgresql
Suse
Ubuntu