Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2015-0241

Published: 6 February 2015

The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric formatting template, which triggers a buffer over-read, or (2) crafted timestamp formatting template, which triggers a buffer overflow.

Priority

Medium

CVSS 3 base score: 8.8

Status

Package Release Status
postgresql-8.4
Launchpad, Ubuntu, Debian
lucid
Released (8.4.22-0ubuntu0.10.04.1)
precise Does not exist
(precise was needed)
trusty Does not exist

upstream Ignored
(reached end-of-life)
utopic Does not exist

vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

postgresql-9.1
Launchpad, Ubuntu, Debian
lucid Does not exist

precise
Released (9.1.15-0ubuntu0.12.04)
trusty Does not exist
(trusty was released [9.1.15-0ubuntu0.14.04])
upstream
Released (9.1.15)
utopic Does not exist

vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

postgresql-9.3
Launchpad, Ubuntu, Debian
lucid Does not exist

precise Does not exist

trusty
Released (9.3.6-0ubuntu0.14.04)
upstream
Released (9.3.6)
utopic Does not exist

vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

postgresql-9.4
Launchpad, Ubuntu, Debian
lucid Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (9.4.1)
utopic
Released (9.4.1-0ubuntu0.14.10)
vivid Not vulnerable
(9.4.1-1)
wily Not vulnerable
(9.4.1-1)
xenial Does not exist

yakkety Does not exist

zesty Does not exist