CVE-2015-0241

Published: 27/01/2020 Updated: 31/01/2020
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

The to_char function in PostgreSQL prior to 9.0.19, 9.1.x prior to 9.1.15, 9.2.x prior to 9.2.10, 9.3.x prior to 9.3.6, and 9.4.x prior to 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric formatting template, which triggers a buffer over-read, or (2) crafted timestamp formatting template, which triggers a buffer overflow.

Vulnerable Product

postgresql postgresql

debian debian linux 7.0

debian debian linux 8.0

Vendor Advisories

Several vulnerabilities have been found in PostgreSQL-91, a SQL database system. CVE-2014-8161: Information leak. A user with limited clearance on a table might have access to information in columns without SELECT rights on through server error messages. CVE-2015-0241: Out of boundaries read/write. The function to_char() might read/write past the e ...
A buffer overflow flaw was found in the way PostgreSQL handled certain numeric formatting. An authenticated database user could use a specially crafted timestamp formatting template to cause PostgreSQL to crash or, under certain conditions, execute arbitrary code with the permissions of the user running PostgreSQL (CVE-2015-0241). A buffer overflow ...
An information leak flaw was found in the way the PostgreSQL database server handled certain error messages. An authenticated database user could possibly obtain the results of a query they did not have privileges to execute by observing the constraint violation error messages produced when the query was executed (CVE-2014-8161). A buffer overflow ...