CVE-2015-3165

CWE-416 — Use After Free9 documents8 sources

Severity

4.3MEDIUM

EPSS

9.7%

top 7.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Postgresql Postgresql Apple MAC OS X Server Canonical Ubuntu Linux +1 more

Timeline

PublishedMay 28

Latest updateMay 14

Description

Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages4 packages

▶Ubuntupostgresql-9.1< 9.1.16-0ubuntu0.14.04

▶Ubuntupostgresql-9.3< 9.3.7-0ubuntu0.14.04

▶NVDpostgresql/postgresql9.0.19+36

▶NVDapple/mac_os_x_server5.0.2

Also affects: Debian Linux 7.0, 8.0, Ubuntu Linux 12.04, 14.04, 14.10, 15.04

🔴Vulnerability Details

GHSA

GHSA-qw8w-35hc-552q: Double free vulnerability in PostgreSQL before 9↗2022-05-14

▶

CVEList

CVE-2015-3165: Double free vulnerability in PostgreSQL before 9↗2015-05-28

▶

OSV

postgresql-9.1, postgresql-9.3, postgresql-9.4 vulnerabilities↗2015-05-25

▶

OSV

CVE-2015-3165: Double free vulnerability in PostgreSQL before 9↗2015-05-22

▶

📋Vendor Advisories

Ubuntu

PostgreSQL vulnerabilities↗2015-05-25

▶

Red Hat

postgresql: double-free after authentication timeout↗2015-05-22

▶

Apple

CVE-2015-3165: OS X Server v5.0.3↗

▶

💬Community

Bugzilla

CVE-2015-3165 postgresql: double-free after authentication timeout↗2015-05-14

▶