CVE-2016-0773

Published: 11 February 2016

PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression.

Priority

CVSS 3 base score: 7.5

Status

Package	Release	Status
postgresql-8.4 Launchpad, Ubuntu, Debian	precise	Does not exist (precise was needs-triage)
	trusty	Does not exist
	upstream	Needs triage
	vivid	Does not exist
	wily	Does not exist
	xenial	Does not exist
	yakkety	Does not exist
	zesty	Does not exist
postgresql-9.1 Launchpad, Ubuntu, Debian	precise	Released (9.1.20-0ubuntu0.12.04)
	trusty	Does not exist (trusty was released [9.1.20-0ubuntu0.14.04])
	upstream	Needs triage
	vivid	Does not exist
	wily	Does not exist
	xenial	Does not exist
	yakkety	Does not exist
	zesty	Does not exist
postgresql-9.3 Launchpad, Ubuntu, Debian	precise	Does not exist
	trusty	Released (9.3.11-0ubuntu0.14.04)
	upstream	Needs triage
	wily	Does not exist
	xenial	Does not exist
	yakkety	Does not exist
	zesty	Does not exist
postgresql-9.4 Launchpad, Ubuntu, Debian	precise	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	vivid	Ignored (reached end-of-life)
	wily	Released (9.4.6-0ubuntu0.15.10)
	xenial	Does not exist
	yakkety	Does not exist
	zesty	Does not exist
postgresql-9.5 Launchpad, Ubuntu, Debian	precise	Does not exist
	trusty	Does not exist
	upstream	Released (9.5.1)
	vivid	Does not exist
	wily	Does not exist
	xenial	Not vulnerable (9.5.1-1)
	yakkety	Not vulnerable (9.5.1-1)
	zesty	Does not exist

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

CVE-2016-0773

Medium

Status

References

Join the discussion

Canonical is offering Extended Security Maintenance

Further reading