Vulnerability Details CVE-2015-5289
Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.075
EPSS Ranking 91.4%
CVSS Severity
CVSS v2 Score 6.4
References
- http://git.postgresql.org/gitweb/?p=postgresql.git%3Ba=commit%3Bh=08fa47c4850cea32c3116665975bca219fbf2fe6
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172316.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169094.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00016.html
- http://lists.opensuse.org/opensuse-updates/2015-11/msg00033.html
- http://www.debian.org/security/2015/dsa-3374
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.postgresql.org/about/news/1615/
- http://www.postgresql.org/docs/9.3/static/release-9-3-10.html
- http://www.postgresql.org/docs/9.4/static/release-9-4-5.html
- http://www.securityfocus.com/bid/77048
- http://www.securitytracker.com/id/1033775
- http://www.ubuntu.com/usn/USN-2772-1
- https://security.gentoo.org/glsa/201701-33
- http://git.postgresql.org/gitweb/?p=postgresql.git%3Ba=commit%3Bh=08fa47c4850cea32c3116665975bca219fbf2fe6
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172316.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169094.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00016.html
- http://lists.opensuse.org/opensuse-updates/2015-11/msg00033.html
- http://www.debian.org/security/2015/dsa-3374
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.postgresql.org/about/news/1615/
- http://www.postgresql.org/docs/9.3/static/release-9-3-10.html
- http://www.postgresql.org/docs/9.4/static/release-9-4-5.html
- http://www.securityfocus.com/bid/77048
- http://www.securitytracker.com/id/1033775
- http://www.ubuntu.com/usn/USN-2772-1
- https://security.gentoo.org/glsa/201701-33
Products affected by CVE-2015-5289
-
cpe:2.3:a:postgresql:postgresql:9.3.0
-
cpe:2.3:a:postgresql:postgresql:9.3.1
-
cpe:2.3:a:postgresql:postgresql:9.3.2
-
cpe:2.3:a:postgresql:postgresql:9.3.3
-
cpe:2.3:a:postgresql:postgresql:9.3.4
-
cpe:2.3:a:postgresql:postgresql:9.3.5
-
cpe:2.3:a:postgresql:postgresql:9.3.6
-
cpe:2.3:a:postgresql:postgresql:9.3.7
-
cpe:2.3:a:postgresql:postgresql:9.3.8
-
cpe:2.3:a:postgresql:postgresql:9.3.9
-
cpe:2.3:a:postgresql:postgresql:9.4.0
-
cpe:2.3:a:postgresql:postgresql:9.4.1
-
cpe:2.3:a:postgresql:postgresql:9.4.2
-
cpe:2.3:a:postgresql:postgresql:9.4.3
-
cpe:2.3:a:postgresql:postgresql:9.4.4
-
cpe:2.3:o:canonical:ubuntu_linux:12.04
-
cpe:2.3:o:canonical:ubuntu_linux:14.04
-
cpe:2.3:o:canonical:ubuntu_linux:15.04
-
cpe:2.3:o:debian:debian_linux:8.0
-
cpe:2.3:o:debian:debian_linux:9.0