CVE-2015-0242

Stack-based buffer overflow in the *printf function implementations in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1, when running on a Windows system, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a floating point number with a large precision, as demonstrated by using the to_char function.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
Affected Products (NVD)
VendorProductVersion
postgresqlpostgresql
𝑥
< 9.0.19
postgresqlpostgresql
9.1.0 ≤
𝑥
< 9.1.15
postgresqlpostgresql
9.2.0 ≤
𝑥
< 9.2.10
postgresqlpostgresql
9.3.0 ≤
𝑥
< 9.3.6
postgresqlpostgresql
9.4.0 ≤
𝑥
< 9.4.1
debiandebian_linux
7.0
debiandebian_linux
8.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
postgresql-9.1
precise
not-affected
trusty
dne
vivid
dne
postgresql-9.4
precise
dne
trusty
dne
vivid
not-affected
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
postgresql92
Amazon Linux 1
0:9.2.10-1.49.amzn1
fixed
postgresql92-contrib
Amazon Linux 1
0:9.2.10-1.49.amzn1
fixed
postgresql92-debuginfo
Amazon Linux 1
0:9.2.10-1.49.amzn1
fixed
postgresql92-devel
Amazon Linux 1
0:9.2.10-1.49.amzn1
fixed
postgresql92-docs
Amazon Linux 1
0:9.2.10-1.49.amzn1
fixed
postgresql92-libs
Amazon Linux 1
0:9.2.10-1.49.amzn1
fixed
postgresql92-plperl
Amazon Linux 1
0:9.2.10-1.49.amzn1
fixed
postgresql92-plpython
Amazon Linux 1
0:9.2.10-1.49.amzn1
fixed
postgresql92-pltcl
Amazon Linux 1
0:9.2.10-1.49.amzn1
fixed
postgresql92-server
Amazon Linux 1
0:9.2.10-1.49.amzn1
fixed
postgresql92-server-compat
Amazon Linux 1
0:9.2.10-1.49.amzn1
fixed
postgresql92-test
Amazon Linux 1
0:9.2.10-1.49.amzn1
fixed