Описание
Stack-based buffer overflow in the *printf function implementations in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1, when running on a Windows system, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a floating point number with a large precision, as demonstrated by using the to_char function.
A buffer overflow flaw was found in the PostgreSQL's internal printf() implementation. An authenticated database user could use a specially crafted string in an SQL query to cause PostgreSQL to crash or, potentially, lead to privilege escalation.
Отчет
Not vulnerable. This issue does not affect the version of the postgresql package shipped in Red Hat Enterprise Linux 5, 6, and 7 because it does not use the vulnerable implementation of the snprintf() function provided by postgresql; the glibc implementation of this function, which is not vulnerable to this issue, is used instead.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| CloudForms Management Engine 5 | postgresql | Not affected | ||
| CloudForms Management Engine 5 | postgresql92-postgresql | Not affected | ||
| Red Hat Enterprise Linux 5 | postgresql | Not affected | ||
| Red Hat Enterprise Linux 5 | postgresql84 | Not affected | ||
| Red Hat Enterprise Linux 6 | postgresql | Not affected | ||
| Red Hat Enterprise Linux 7 | postgresql | Not affected | ||
| Red Hat Satellite 5.7 | postgresql92 | Not affected | ||
| Red Hat Software Collections | postgresql92-postgresql | Not affected | ||
| Red Hat Software Collections | rh-postgresql94-postgresql | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
6 Medium
CVSS2
Связанные уязвимости
Stack-based buffer overflow in the *printf function implementations in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1, when running on a Windows system, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a floating point number with a large precision, as demonstrated by using the to_char function.
Stack-based buffer overflow in the *printf function implementations in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1, when running on a Windows system, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a floating point number with a large precision, as demonstrated by using the to_char function.
Stack-based buffer overflow in the *printf function implementations in ...
Stack-based buffer overflow in the *printf function implementations in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1, when running on a Windows system, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a floating point number with a large precision, as demonstrated by using the to_char function.
EPSS
6 Medium
CVSS2