CVE-2015-0243 — Classic Buffer Overflow in Postgresql

CWE-120 — Classic Buffer Overflow CWE-122 — Heap-based Buffer Overflow9 documents8 sources

Severity

8.8HIGHNVD

EPSS

6.7%

top 8.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Postgresql Postgresql Global Development Group Postgresql Debian Linux

Timeline

PublishedJan 27

Latest updateMay 24

Description

Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDpostgresql/postgresql9.1.0 — 9.1.15+4

▶CVEListV5postgresql_global_development_group/postgresql5 versions+4

Also affects: Debian Linux 7.0, 8.0

🔴Vulnerability Details

GHSA

GHSA-4c7q-44j3-76m6: Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9↗2022-05-24

▶

CVEList

CVE-2015-0243: Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9↗2020-01-27

▶

OSV

CVE-2015-0243: Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9↗2015-02-06

▶

📋Vendor Advisories

Red Hat

postgresql: buffer overflow flaws in contrib/pgcrypto↗2015-02-16

▶

Ubuntu

PostgreSQL vulnerabilities↗2015-02-11

▶

Apple

CVE-2015-0243: OS X Server v5.0.3↗

▶

Apple

CVE-2015-0243: OS X Yosemite v10.10.5 and Security Update 2015-006↗

▶

💬Community

Bugzilla

CVE-2015-0243 postgresql: buffer overflow flaws in contrib/pgcrypto↗2015-02-03

▶