Описание
The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error.
The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2015-3166
- http://ubuntu.com/usn/usn-2621-1
- http://www.debian.org/security/2015/dsa-3269
- http://www.debian.org/security/2015/dsa-3270
- http://www.postgresql.org/about/news/1587
- http://www.postgresql.org/docs/9.0/static/release-9-0-20.html
- http://www.postgresql.org/docs/9.1/static/release-9-1-16.html
- http://www.postgresql.org/docs/9.2/static/release-9-2-11.html
- http://www.postgresql.org/docs/9.3/static/release-9-3-7.html
- http://www.postgresql.org/docs/9.4/static/release-9-4-2.html
EPSS
CVE ID
Связанные уязвимости
The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error.
The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error.
The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error.
The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before ...
EPSS