CVE-2015-3165

Published: 28/05/2015 | Updated: 05/01/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

Double free vulnerability in PostgreSQL prior to 9.0.20, 9.1.x prior to 9.1.16, 9.2.x prior to 9.2.11, 9.3.x prior to 9.3.7, and 9.4.x prior to 9.4.2 allows remote malicious users to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence.

Vulnerable Product

canonical ubuntu linux 15.04

debian debian linux 7.0

canonical ubuntu linux 14.04

canonical ubuntu linux 14.10

debian debian linux 8.0

canonical ubuntu linux 12.04

apple mac os x server 5.0.2

postgresql postgresql 9.1.1

postgresql postgresql 9.1.2

postgresql postgresql 9.1.3

postgresql postgresql 9.1.10

postgresql postgresql 9.1.11

postgresql postgresql 9.2.2

postgresql postgresql 9.2.3

postgresql postgresql 9.2.10

postgresql postgresql 9.3

postgresql postgresql 9.3.1

postgresql postgresql 9.4.1

postgresql postgresql

postgresql postgresql 9.1

postgresql postgresql 9.1.8

postgresql postgresql 9.1.9

postgresql postgresql 9.2

postgresql postgresql 9.2.1

postgresql postgresql 9.2.8

postgresql postgresql 9.2.9

postgresql postgresql 9.3.6

postgresql postgresql 9.4.0

postgresql postgresql 9.1.4

postgresql postgresql 9.1.5

postgresql postgresql 9.1.12

postgresql postgresql 9.1.13

postgresql postgresql 9.2.4

postgresql postgresql 9.2.5

postgresql postgresql 9.3.2

postgresql postgresql 9.3.3

postgresql postgresql 9.1.6

postgresql postgresql 9.1.7

postgresql postgresql 9.1.14

postgresql postgresql 9.1.15

postgresql postgresql 9.2.6

postgresql postgresql 9.2.7

postgresql postgresql 9.3.4

postgresql postgresql 9.3.5

Vendor Advisories

Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system. CVE-2015-3165 (Remote crash): SSL clients disconnecting just before the authentication timeout expires can cause the server to crash. CVE-2015-3166 (Information exposure): The replacement implementation of snprintf() failed to check for errors reported ...
Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database system. CVE-2015-3165 (Remote crash): SSL clients disconnecting just before the authentication timeout expires can cause the server to crash. CVE-2015-3166 (Information exposure): The replacement implementation of snprintf() failed to check for errors r ...
Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence ...
A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is triggered (CVE-2015-3165). It was discovered that PostgreSQL did not properly check the return values of certain standard libr ...