Описание
The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| CloudForms Management Engine 5 | postgresql | Will not fix | ||
| Red Hat Enterprise Linux 7 | postgresql | Not affected | ||
| CloudForms Management Engine 5.x | cfme | Fixed | RHSA-2014:0469 | 12.05.2014 |
| CloudForms Management Engine 5.x | postgresql92-postgresql | Fixed | RHSA-2014:0469 | 12.05.2014 |
| CloudForms Management Engine 5.x | prince | Fixed | RHSA-2014:0469 | 12.05.2014 |
| CloudForms Management Engine 5.x | ruby193-rubygem-actionpack | Fixed | RHSA-2014:0469 | 12.05.2014 |
| Red Hat Enterprise Linux 5 | postgresql84 | Fixed | RHSA-2014:0211 | 25.02.2014 |
| Red Hat Enterprise Linux 5 | postgresql | Fixed | RHSA-2014:0249 | 04.03.2014 |
| Red Hat Enterprise Linux 6 | postgresql | Fixed | RHSA-2014:0211 | 25.02.2014 |
| Red Hat Software Collections for RHEL-6 | postgresql92-postgresql | Fixed | RHSA-2014:0221 | 27.02.2014 |
Показывать по
Дополнительная информация
Статус:
EPSS
4 Medium
CVSS2
Связанные уязвимости
The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors.
The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors.
The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16 ...
The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors.
Уязвимость системы управления базами данных PostgreSQL, позволяющая удаленному злоумышленнику вызвать отказ в обслуживании
EPSS
4 Medium
CVSS2