CVE-2015-5288

Published: 26/10/2015 Updated: 01/07/2017
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
VMScore: 570
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Vulnerability Summary

The crypt function in contrib/pgcrypto in PostgreSQL prior to 9.0.23, 9.1.x prior to 9.1.19, 9.2.x prior to 9.2.14, 9.3.x prior to 9.3.10, and 9.4.x prior to 9.4.5 allows malicious users to cause a denial of service (server crash) or read arbitrary server memory via a "too-short" salt.

Vulnerable Product

postgresql postgresql 9.3.8

postgresql postgresql 9.2.1

postgresql postgresql 9.1.4

postgresql postgresql 9.1.13

postgresql postgresql 9.3

postgresql postgresql

postgresql postgresql 9.1.12

postgresql postgresql 9.2.13

postgresql postgresql 9.2.9

postgresql postgresql 9.2.12

postgresql postgresql 9.1.14

postgresql postgresql 9.3.5

postgresql postgresql 9.1.15

postgresql postgresql 9.3.2

postgresql postgresql 9.2.6

postgresql postgresql 9.2.11

postgresql postgresql 9.1

postgresql postgresql 9.2.3

postgresql postgresql 9.4.2

postgresql postgresql 9.1.9

postgresql postgresql 9.3.7

postgresql postgresql 9.4.0

postgresql postgresql 9.4.4

postgresql postgresql 9.1.18

postgresql postgresql 9.1.5

postgresql postgresql 9.1.8

postgresql postgresql 9.3.6

postgresql postgresql 9.2

postgresql postgresql 9.1.16

postgresql postgresql 9.1.17

postgresql postgresql 9.1.2

postgresql postgresql 9.1.6

postgresql postgresql 9.4.3

postgresql postgresql 9.2.4

postgresql postgresql 9.2.10

postgresql postgresql 9.1.7

postgresql postgresql 9.1.3

postgresql postgresql 9.3.3

postgresql postgresql 9.4.1

postgresql postgresql 9.2.7

postgresql postgresql 9.3.1

postgresql postgresql 9.2.8

postgresql postgresql 9.1.1

postgresql postgresql 9.3.9

postgresql postgresql 9.3.4

postgresql postgresql 9.1.10

postgresql postgresql 9.2.5

postgresql postgresql 9.1.11

postgresql postgresql 9.2.2

Vendor Advisories

PostgreSQL could be made to crash or expose private information if it handled specially crafted data ...
Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system. CVE-2015-5288: Josh Kupershmidt discovered a vulnerability in the crypt() function in the pgCrypto extension. Certain invalid salt arguments can cause the server to crash or to disclose a few bytes of server memory. CVE-2015-5289: Oskari Saarenmaa disco ...
Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database system. CVE-2015-5288: Josh Kupershmidt discovered a vulnerability in the crypt() function in the pgCrypto extension. Certain invalid salt arguments can cause the server to crash or to disclose a few bytes of server memory. CVE-2016-0766: A privilege escalation ...
Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values (CVE-2015-5289). The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, ...
A memory leak error was discovered in the crypt() function of the pgCrypto extension. An authenticated attacker could possibly use this flaw to disclose a limited amount of the server memory (CVE-2015-5288) ...
A memory leak error was discovered in the crypt() function of the pgCrypto extension. An authenticated attacker could possibly use this flaw to disclose a limited amount of the server memory ...