Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2015-0243

Published: 27/01/2020 Updated: 31/01/2020
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Subscribe to Postgresql

Vulnerability Summary

Multiple buffer overflows in contrib/pgcrypto in PostgreSQL prior to 9.0.19, 9.1.x prior to 9.1.15, 9.2.x prior to 9.2.10, 9.3.x prior to 9.3.6, and 9.4.x prior to 9.4.1 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

postgresql postgresql

debian debian linux 7.0

debian debian linux 8.0

Vendor Advisories

Ubuntu Security Notice: postgresql-8.4, postgresql-9.1, postgresql-9.3, postgresql-9.4 vulnerabilities
Several security issues were fixed in PostgreSQL ...
Debian Security Advisories: DSA-3155-1 postgresql-9.1 -- security update
Several vulnerabilities have been found in PostgreSQL-91, a SQL database system CVE-2014-8161: Information leak A user with limited clearance on a table might have access to information in columns without SELECT rights on through server error messages CVE-2015-0241: Out of boundaries read/write The function to_char() might read/write past the e ...
Amazon Linux AMI: ALAS-2015-492
A buffer overflow flaw was found in the way PostgreSQL handled certain numeric formatting An authenticated database user could use a specially crafted timestamp formatting template to cause PostgreSQL to crash or, under certain conditions, execute arbitrary code with the permissions of the user running PostgreSQL (CVE-2015-0241) A buffer overflow ...
Amazon Linux AMI: ALAS-2015-485
A stack-buffer overflow flaw was found in PostgreSQL's pgcrypto module An authenticated database user could use this flaw to cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL (CVE-2015-0243) A flaw was found in way PostgreSQL handled certain errors during that were generated duri ...
Amazon Linux AMI: ALAS-2015-503
An information leak flaw was found in the way the PostgreSQL database server handled certain error messages An authenticated database user could possibly obtain the results of a query they did not have privileges to execute by observing the constraint violation error messages produced when the query was executed (CVE-2014-8161) A buffer overflow ...

References

CWE-120http://www.postgresql.org/about/news/1569/http://www.debian.org/security/2015/dsa-3155http://www.postgresql.org/docs/9.4/static/release-9-4-1.htmlhttp://www.postgresql.org/docs/current/static/release-9-2-10.htmlhttp://www.postgresql.org/docs/current/static/release-9-0-19.htmlhttp://www.postgresql.org/docs/current/static/release-9-1-15.htmlhttp://www.postgresql.org/docs/current/static/release-9-3-6.htmlhttps://usn.ubuntu.com/2499-1/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook