CVE-2015-0242
CVE information
Published
Last Modified
CVSSv2.0 Severity
CVSSv3.1 Severity
Impact Analysis
Description
Stack-based buffer overflow in the *printf function implementations in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1, when running on a Windows system, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a floating point number with a large precision, as demonstrated by using the to_char function..
CVSSv2.0 Score
- Severity
- Medium
- Base Score
- 6.5/10
- Exploit Score
- 8/10
- Access Vector
- Network
- Access Complexity
- Low
- Authentication Required
- Single
- Impact Score
- 6.4/10
- Confidentiality Impact
- Partial
- Availability Impact
- Partial
- Integrity Impact
- Partial
CVSSv3.1 Score
- Severity
- High
- Base Score
- 8.8/10
- Exploit Score
- 2.8/10
- Access Vector
- Network
- Access Complexity
- Low
- Privileges Required
- Low
- Impact Score
- 5.9/10
- Confidentiality Impact
- High
- Availability Impact
- High
- Integrity Impact
- High
- Scope
- Unchanged
- User Interaction
- None
Products Affected
CPE | Affected | Vulnerable | Excluding | Edit |
---|---|---|---|---|
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* |
Yes
|
- | 9.0.19 | |
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* |
Yes
|
9.1.0 | 9.1.15 | |
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* |
Yes
|
9.2.0 | 9.2.10 | |
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* |
Yes
|
9.3.0 | 9.3.6 | |
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* |
Yes
|
9.4.0 | 9.4.1 | |
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
No
|
- |
References
- http://www.postgresql.org/about/news/1569/
- http://www.debian.org/security/2015/dsa-3155
- http://www.postgresql.org/docs/9.4/static/release-9-4-1.html
- http://www.postgresql.org/docs/current/static/release-9-2-10.html
- http://www.postgresql.org/docs/current/static/release-9-0-19.html
- http://www.postgresql.org/docs/current/static/release-9-1-15.html
- http://www.postgresql.org/docs/current/static/release-9-3-6.html
Ready to dive in? Start your free trial today.
Companies of all sizes—from startups to Fortune 500s—use Mageni to scan their assets for vulnerabilities, reduce risk exposure and minimizing the likelihood of a data breach. Free for 7-days then $39 USD Monthly. No Contracts, Cancel at Anytime and 7-days Money-Back Guarantee.
Get Started For Free