CVE-2015-3166
20.11.2019, 21:15
The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error.Enginsight
| Vendor | Product | Version |
|---|---|---|
| postgresql | postgresql | 𝑥 < 9.0.20 |
| postgresql | postgresql | 9.1 ≤ 𝑥 < 9.1.16 |
| postgresql | postgresql | 9.2 ≤ 𝑥 < 9.2.11 |
| postgresql | postgresql | 9.3 ≤ 𝑥 < 9.3.7 |
| postgresql | postgresql | 9.4 ≤ 𝑥 < 9.4.2 |
| debian | debian_linux | 7.0 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 14.10 |
| canonical | ubuntu_linux | 15.04 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Ubuntu Product | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| postgresql-8.4 |
| ||||||||||||||||
| postgresql-9.1 |
| ||||||||||||||||
| postgresql-9.3 |
| ||||||||||||||||
| postgresql-9.4 |
|
Common Weakness Enumeration
References