Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2015-0244

Published: 27/01/2020 Updated: 31/01/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Postgresql

Vulnerability Summary

PostgreSQL prior to 9.0.19, 9.1.x prior to 9.1.15, 9.2.x prior to 9.2.10, 9.3.x prior to 9.3.6, and 9.4.x prior to 9.4.1 does not properly handle errors while reading a protocol message, which allows remote malicious users to conduct SQL injection attacks via crafted binary data in a parameter and causing an error, which triggers the loss of synchronization and part of the protocol message to be treated as a new message, as demonstrated by causing a timeout or query cancellation.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

postgresql postgresql

debian debian linux 7.0

debian debian linux 8.0

Vendor Advisories

Ubuntu Security Notice: postgresql-8.4, postgresql-9.1, postgresql-9.3, postgresql-9.4 vulnerabilities
Several security issues were fixed in PostgreSQL ...
Debian Security Advisories: DSA-3155-1 postgresql-9.1 -- security update
Several vulnerabilities have been found in PostgreSQL-91, a SQL database system CVE-2014-8161: Information leak A user with limited clearance on a table might have access to information in columns without SELECT rights on through server error messages CVE-2015-0241: Out of boundaries read/write The function to_char() might read/write past the e ...
Amazon Linux AMI: ALAS-2015-492
A buffer overflow flaw was found in the way PostgreSQL handled certain numeric formatting An authenticated database user could use a specially crafted timestamp formatting template to cause PostgreSQL to crash or, under certain conditions, execute arbitrary code with the permissions of the user running PostgreSQL (CVE-2015-0241) A buffer overflow ...
Amazon Linux AMI: ALAS-2015-485
A stack-buffer overflow flaw was found in PostgreSQL's pgcrypto module An authenticated database user could use this flaw to cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL (CVE-2015-0243) A flaw was found in way PostgreSQL handled certain errors during that were generated duri ...
Amazon Linux AMI: ALAS-2015-503
An information leak flaw was found in the way the PostgreSQL database server handled certain error messages An authenticated database user could possibly obtain the results of a query they did not have privileges to execute by observing the constraint violation error messages produced when the query was executed (CVE-2014-8161) A buffer overflow ...

References

CWE-89http://www.postgresql.org/about/news/1569/http://www.debian.org/security/2015/dsa-3155http://www.postgresql.org/docs/9.4/static/release-9-4-1.htmlhttp://www.postgresql.org/docs/current/static/release-9-2-10.htmlhttp://www.postgresql.org/docs/current/static/release-9-0-19.htmlhttp://www.postgresql.org/docs/current/static/release-9-1-15.htmlhttp://www.postgresql.org/docs/current/static/release-9-3-6.htmlhttps://usn.ubuntu.com/2499-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcodedarbitrary codeCVE-2024-2404CVE-2024-21111CVE-2024-28627CVE-2024-4073information disclosureCVE-2024-32780CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook