CVE-2015-5289
26.10.2015, 14:59
Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| postgresql | postgresql | 9.3.0 ≤ 𝑥 < 9.3.10 |
| postgresql | postgresql | 9.4.0 ≤ 𝑥 < 9.4.5 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 15.04 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Ubuntu Product | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| postgresql-8.4 |
| ||||||||||||||
| postgresql-9.1 |
| ||||||||||||||
| postgresql-9.3 |
| ||||||||||||||
| postgresql-9.4 |
|
openSUSE / SLES Releases
openSUSE Product | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| libecpg6 |
| ||||||||
| libpq5 |
| ||||||||
| libpq5-32bit |
| ||||||||
| postgresql-init |
| ||||||||
| postgresql10 |
| ||||||||
| postgresql10-contrib |
| ||||||||
| postgresql10-docs |
| ||||||||
| postgresql10-plperl |
| ||||||||
| postgresql10-plpython |
| ||||||||
| postgresql10-pltcl |
| ||||||||
| postgresql10-server |
| ||||||||
| postgresql93 |
| ||||||||
| postgresql93-contrib |
| ||||||||
| postgresql93-docs |
| ||||||||
| postgresql93-server |
| ||||||||
| postgresql94 |
| ||||||||
| postgresql94-contrib |
| ||||||||
| postgresql94-docs |
| ||||||||
| postgresql94-server |
|
Red Hat Enterprise Linux Releases
Red Hat Product | |||
|---|---|---|---|
| postgresql |
| ||
| postgresql-contrib |
| ||
| postgresql-devel |
| ||
| postgresql-docs |
| ||
| postgresql-libs |
| ||
| postgresql-plperl |
| ||
| postgresql-plpython |
| ||
| postgresql-pltcl |
| ||
| postgresql-server |
| ||
| postgresql-test |
| ||
| postgresql-upgrade |
|
Common Weakness Enumeration
References