Your submission was sent successfully! Close

CVE-2015-5289

Published: 9 October 2015

Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values.

Priority

Medium

Status

Package Release Status
postgresql-8.4
Launchpad, Ubuntu, Debian
precise Does not exist
(precise was needs-triage)
trusty Does not exist

upstream Needs triage

vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

postgresql-9.1
Launchpad, Ubuntu, Debian
precise
Released (9.1.19-0ubuntu0.12.04)
trusty Does not exist
(trusty was released [9.1.19-0ubuntu0.14.04 ])
upstream
Released (9.1.19)
vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

postgresql-9.3
Launchpad, Ubuntu, Debian
precise Does not exist

trusty
Released (9.3.10-0ubuntu0.14.04)
upstream
Released (9.3.10)
vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

postgresql-9.4
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist

upstream
Released (9.4.5-1)
vivid
Released (9.4.5-0ubuntu0.15.04)
wily Not vulnerable
(9.4.5-1)
xenial Does not exist

yakkety Does not exist

zesty Does not exist