Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2015-AVI-239
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans PostgreSQL. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur et un déni de service à distance.
Solution
Se référer au bulletin de mise à jour de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Versions 9.4, 9.3, 9.2, 9.1, 9.0.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eVersions 9.4, 9.3, 9.2, 9.1, 9.0.\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de mise \u00e0 jour de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-3165",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3165"
},
{
"name": "CVE-2015-3167",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3167"
},
{
"name": "CVE-2015-3166",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3166"
}
],
"initial_release_date": "2015-05-29T00:00:00",
"last_revision_date": "2015-05-29T00:00:00",
"links": [],
"reference": "CERTFR-2015-AVI-239",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2015-05-29T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ePostgreSQL\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur et un d\u00e9ni\nde service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans PostgreSQL",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de mise \u00e0 jour PostgreSQL du 22 mai 2015",
"url": "http://www.postgresql.org/about/news/1587/"
}
]
}
CVE-2015-3167 (GCVE-0-2015-3167)
Vulnerability from cvelistv5
Published
2019-11-20 20:50
Modified
2024-08-06 05:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Other
Summary
contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PostgreSQL Global Development Group | PostgreSQL |
Version: before 9.0.20 Version: 9.1.x before 9.1.16 Version: 9.2.x before 9.2.11 Version: 9.3.x before 9.3.7 Version: and 9.4.x before 9.4.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:39:31.906Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.postgresql.org/about/news/1587/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.postgresql.org/docs/9.0/static/release-9-0-20.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.postgresql.org/docs/9.1/static/release-9-1-16.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.postgresql.org/docs/9.2/static/release-9-2-11.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.postgresql.org/docs/9.3/static/release-9-3-7.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.postgresql.org/docs/9.4/static/release-9-4-2.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3269"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3270"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-2621-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PostgreSQL",
"vendor": "PostgreSQL Global Development Group",
"versions": [
{
"status": "affected",
"version": "before 9.0.20"
},
{
"status": "affected",
"version": "9.1.x before 9.1.16"
},
{
"status": "affected",
"version": "9.2.x before 9.2.11"
},
{
"status": "affected",
"version": "9.3.x before 9.3.7"
},
{
"status": "affected",
"version": "and 9.4.x before 9.4.2"
}
]
}
],
"datePublic": "2015-05-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-20T20:50:14",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.postgresql.org/about/news/1587/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.postgresql.org/docs/9.0/static/release-9-0-20.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.postgresql.org/docs/9.1/static/release-9-1-16.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.postgresql.org/docs/9.2/static/release-9-2-11.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.postgresql.org/docs/9.3/static/release-9-3-7.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.postgresql.org/docs/9.4/static/release-9-4-2.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.debian.org/security/2015/dsa-3269"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.debian.org/security/2015/dsa-3270"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ubuntu.com/usn/usn-2621-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3167",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PostgreSQL",
"version": {
"version_data": [
{
"version_value": "before 9.0.20"
},
{
"version_value": "9.1.x before 9.1.16"
},
{
"version_value": "9.2.x before 9.2.11"
},
{
"version_value": "9.3.x before 9.3.7"
},
{
"version_value": "and 9.4.x before 9.4.2"
}
]
}
}
]
},
"vendor_name": "PostgreSQL Global Development Group"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.postgresql.org/about/news/1587/",
"refsource": "MISC",
"url": "http://www.postgresql.org/about/news/1587/"
},
{
"name": "http://www.postgresql.org/docs/9.0/static/release-9-0-20.html",
"refsource": "MISC",
"url": "http://www.postgresql.org/docs/9.0/static/release-9-0-20.html"
},
{
"name": "http://www.postgresql.org/docs/9.1/static/release-9-1-16.html",
"refsource": "MISC",
"url": "http://www.postgresql.org/docs/9.1/static/release-9-1-16.html"
},
{
"name": "http://www.postgresql.org/docs/9.2/static/release-9-2-11.html",
"refsource": "MISC",
"url": "http://www.postgresql.org/docs/9.2/static/release-9-2-11.html"
},
{
"name": "http://www.postgresql.org/docs/9.3/static/release-9-3-7.html",
"refsource": "MISC",
"url": "http://www.postgresql.org/docs/9.3/static/release-9-3-7.html"
},
{
"name": "http://www.postgresql.org/docs/9.4/static/release-9-4-2.html",
"refsource": "MISC",
"url": "http://www.postgresql.org/docs/9.4/static/release-9-4-2.html"
},
{
"name": "http://www.debian.org/security/2015/dsa-3269",
"refsource": "MISC",
"url": "http://www.debian.org/security/2015/dsa-3269"
},
{
"name": "http://www.debian.org/security/2015/dsa-3270",
"refsource": "MISC",
"url": "http://www.debian.org/security/2015/dsa-3270"
},
{
"name": "http://ubuntu.com/usn/usn-2621-1",
"refsource": "MISC",
"url": "http://ubuntu.com/usn/usn-2621-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-3167",
"datePublished": "2019-11-20T20:50:14",
"dateReserved": "2015-04-10T00:00:00",
"dateUpdated": "2024-08-06T05:39:31.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3166 (GCVE-0-2015-3166)
Vulnerability from cvelistv5
Published
2019-11-20 20:50
Modified
2024-08-06 05:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Other
Summary
The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PostgreSQL Global Development Group | PostgreSQL |
Version: before 9.0.20 Version: 9.1.x before 9.1.16 Version: 9.2.x before 9.2.11 Version: 9.3.x before 9.3.7 Version: and 9.4.x before 9.4.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:39:31.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.postgresql.org/about/news/1587/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.postgresql.org/docs/9.0/static/release-9-0-20.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.postgresql.org/docs/9.1/static/release-9-1-16.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.postgresql.org/docs/9.2/static/release-9-2-11.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.postgresql.org/docs/9.3/static/release-9-3-7.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.postgresql.org/docs/9.4/static/release-9-4-2.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3269"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3270"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-2621-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PostgreSQL",
"vendor": "PostgreSQL Global Development Group",
"versions": [
{
"status": "affected",
"version": "before 9.0.20"
},
{
"status": "affected",
"version": "9.1.x before 9.1.16"
},
{
"status": "affected",
"version": "9.2.x before 9.2.11"
},
{
"status": "affected",
"version": "9.3.x before 9.3.7"
},
{
"status": "affected",
"version": "and 9.4.x before 9.4.2"
}
]
}
],
"datePublic": "2015-05-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-20T20:50:16",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.postgresql.org/about/news/1587/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.postgresql.org/docs/9.0/static/release-9-0-20.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.postgresql.org/docs/9.1/static/release-9-1-16.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.postgresql.org/docs/9.2/static/release-9-2-11.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.postgresql.org/docs/9.3/static/release-9-3-7.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.postgresql.org/docs/9.4/static/release-9-4-2.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.debian.org/security/2015/dsa-3269"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.debian.org/security/2015/dsa-3270"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ubuntu.com/usn/usn-2621-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3166",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PostgreSQL",
"version": {
"version_data": [
{
"version_value": "before 9.0.20"
},
{
"version_value": "9.1.x before 9.1.16"
},
{
"version_value": "9.2.x before 9.2.11"
},
{
"version_value": "9.3.x before 9.3.7"
},
{
"version_value": "and 9.4.x before 9.4.2"
}
]
}
}
]
},
"vendor_name": "PostgreSQL Global Development Group"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.postgresql.org/about/news/1587/",
"refsource": "MISC",
"url": "http://www.postgresql.org/about/news/1587/"
},
{
"name": "http://www.postgresql.org/docs/9.0/static/release-9-0-20.html",
"refsource": "MISC",
"url": "http://www.postgresql.org/docs/9.0/static/release-9-0-20.html"
},
{
"name": "http://www.postgresql.org/docs/9.1/static/release-9-1-16.html",
"refsource": "MISC",
"url": "http://www.postgresql.org/docs/9.1/static/release-9-1-16.html"
},
{
"name": "http://www.postgresql.org/docs/9.2/static/release-9-2-11.html",
"refsource": "MISC",
"url": "http://www.postgresql.org/docs/9.2/static/release-9-2-11.html"
},
{
"name": "http://www.postgresql.org/docs/9.3/static/release-9-3-7.html",
"refsource": "MISC",
"url": "http://www.postgresql.org/docs/9.3/static/release-9-3-7.html"
},
{
"name": "http://www.postgresql.org/docs/9.4/static/release-9-4-2.html",
"refsource": "MISC",
"url": "http://www.postgresql.org/docs/9.4/static/release-9-4-2.html"
},
{
"name": "http://www.debian.org/security/2015/dsa-3269",
"refsource": "MISC",
"url": "http://www.debian.org/security/2015/dsa-3269"
},
{
"name": "http://www.debian.org/security/2015/dsa-3270",
"refsource": "MISC",
"url": "http://www.debian.org/security/2015/dsa-3270"
},
{
"name": "http://ubuntu.com/usn/usn-2621-1",
"refsource": "MISC",
"url": "http://ubuntu.com/usn/usn-2621-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-3166",
"datePublished": "2019-11-20T20:50:16",
"dateReserved": "2015-04-10T00:00:00",
"dateUpdated": "2024-08-06T05:39:31.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3165 (GCVE-0-2015-3165)
Vulnerability from cvelistv5
Published
2015-05-28 14:00
Modified
2024-08-06 05:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:39:31.273Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "74787",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74787"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/about/news/1587/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/docs/9.0/static/release-9-0-20.html"
},
{
"name": "USN-2621-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2621-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/docs/9.4/static/release-9-4-2.html"
},
{
"name": "RHSA-2015:1195",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1195.html"
},
{
"name": "DSA-3269",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3269"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/docs/9.2/static/release-9-2-11.html"
},
{
"name": "GLSA-201507-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201507-20"
},
{
"name": "RHSA-2015:1194",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1194.html"
},
{
"name": "DSA-3270",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3270"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/docs/9.1/static/release-9-1-16.html"
},
{
"name": "APPLE-SA-2015-09-16-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/docs/9.3/static/release-9-3-7.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT205219"
},
{
"name": "RHSA-2015:1196",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1196.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "74787",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74787"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/about/news/1587/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/docs/9.0/static/release-9-0-20.html"
},
{
"name": "USN-2621-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2621-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/docs/9.4/static/release-9-4-2.html"
},
{
"name": "RHSA-2015:1195",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1195.html"
},
{
"name": "DSA-3269",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3269"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/docs/9.2/static/release-9-2-11.html"
},
{
"name": "GLSA-201507-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201507-20"
},
{
"name": "RHSA-2015:1194",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1194.html"
},
{
"name": "DSA-3270",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3270"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/docs/9.1/static/release-9-1-16.html"
},
{
"name": "APPLE-SA-2015-09-16-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/docs/9.3/static/release-9-3-7.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT205219"
},
{
"name": "RHSA-2015:1196",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1196.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3165",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "74787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74787"
},
{
"name": "http://www.postgresql.org/about/news/1587/",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/about/news/1587/"
},
{
"name": "http://www.postgresql.org/docs/9.0/static/release-9-0-20.html",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/docs/9.0/static/release-9-0-20.html"
},
{
"name": "USN-2621-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2621-1"
},
{
"name": "http://www.postgresql.org/docs/9.4/static/release-9-4-2.html",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/docs/9.4/static/release-9-4-2.html"
},
{
"name": "RHSA-2015:1195",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1195.html"
},
{
"name": "DSA-3269",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3269"
},
{
"name": "http://www.postgresql.org/docs/9.2/static/release-9-2-11.html",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/docs/9.2/static/release-9-2-11.html"
},
{
"name": "GLSA-201507-20",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201507-20"
},
{
"name": "RHSA-2015:1194",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1194.html"
},
{
"name": "DSA-3270",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3270"
},
{
"name": "http://www.postgresql.org/docs/9.1/static/release-9-1-16.html",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/docs/9.1/static/release-9-1-16.html"
},
{
"name": "APPLE-SA-2015-09-16-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html"
},
{
"name": "http://www.postgresql.org/docs/9.3/static/release-9-3-7.html",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/docs/9.3/static/release-9-3-7.html"
},
{
"name": "https://support.apple.com/HT205219",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205219"
},
{
"name": "RHSA-2015:1196",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1196.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-3165",
"datePublished": "2015-05-28T14:00:00",
"dateReserved": "2015-04-10T00:00:00",
"dateUpdated": "2024-08-06T05:39:31.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…