CVE-2015-0242 — Out-of-bounds Write in Postgresql

CWE-787 — Out-of-bounds Write CWE-122 — Heap-based Buffer Overflow7 documents6 sources

Severity

8.8HIGHNVD

EPSS

3.4%

top 12.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Postgresql Postgresql Global Development Group Postgresql Debian Linux

Timeline

PublishedJan 27

Latest updateMay 24

Description

Stack-based buffer overflow in the *printf function implementations in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1, when running on a Windows system, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a floating point number with a large precision, as demonstrated by using the to_char function.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDpostgresql/postgresql9.1.0 — 9.1.15+4

▶CVEListV5postgresql_global_development_group/postgresql5 versions+4

Also affects: Debian Linux 7.0, 8.0

🔴Vulnerability Details

GHSA

GHSA-484w-vg65-78pg: Stack-based buffer overflow in the *printf function implementations in PostgreSQL before 9↗2022-05-24

▶

CVEList

CVE-2015-0242: Stack-based buffer overflow in the *printf function implementations in PostgreSQL before 9↗2020-01-27

▶

📋Vendor Advisories

Red Hat

postgresql: buffer overflow flaws in replacement *printf() functions↗2015-02-16

▶

Apple

CVE-2015-0242: OS X Yosemite v10.10.5 and Security Update 2015-006↗

▶

Apple

CVE-2015-0242: OS X Server v5.0.3↗

▶

💬Community

Bugzilla

CVE-2015-0242 postgresql: buffer overflow flaws in replacement *printf() functions↗2015-02-03

▶