CVE-2015-3166Improper Restriction of Operations within the Bounds of a Memory Buffer in Postgresql

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-391Unchecked Error Condition9 documents8 sources
Severity
9.8CRITICALNVD
OSV4.3
EPSS
5.4%
top 9.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
PostgresqlPostgresql Global Development Group PostgresqlCanonical Ubuntu Linux+1 more
Timeline
PublishedNov 20
Latest updateMay 24

Description

The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDpostgresql/postgresql9.19.1.16+4

Also affects: Debian Linux 7.0, 8.0, 9.0, Ubuntu Linux 12.04, 14.04, 14.10, 15.04

🔴Vulnerability Details

4
GHSA
GHSA-65w5-rcgr-gxgj: The snprintf implementation in PostgreSQL before 92022-05-24
CVEList
CVE-2015-3166: The snprintf implementation in PostgreSQL before 92019-11-20
OSV
postgresql-9.1, postgresql-9.3, postgresql-9.4 vulnerabilities2015-05-25
OSV
CVE-2015-3166: The snprintf implementation in PostgreSQL before 92015-05-22

📋Vendor Advisories

3
Ubuntu
PostgreSQL vulnerabilities2015-05-25
Red Hat
postgresql: unanticipated errors from the standard library2015-05-22
Apple
CVE-2015-3166: OS X Server v5.0.3

💬Community

1
Bugzilla
CVE-2015-3166 postgresql: unanticipated errors from the standard library2015-05-14
CVE-2015-3166 — Postgresql vulnerability | cvebase