Description
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an error, which triggers the loss of synchronization and part of the protocol message to be treated as a new message, as demonstrated by causing a timeout or query cancellation.
A flaw was found in the way PostgreSQL handled certain errors that were generated during protocol synchronization. An authenticated database user could use this flaw to inject queries into an existing connection.
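The mechanism in the description, modelled in Python as an added example (this is not PostgreSQL code and not part of the advisory). A cut-down version of the v3 frontend/backend framing is used: one type byte, an int32 length that counts itself, then the body. `read_messages_vulnerable` parses the Bind fields straight off the input buffer, and a simulated cancel or timeout error raised in the middle of a parameter leaves the rest of that message in place, where the next read takes it for a new message; the attacker's parameter value is itself a complete Query frame, so the bytes left behind parse as a query of their choosing. `read_messages_fixed` shows the property a correct reader needs: consume the whole length-prefixed body before interpreting any field, so an error discards exactly one message and the stream stays aligned. The `cancel_at` hook, the `Stream` class and the simplified Bind layout (no format-code arrays) are assumptions made for the illustration.

```python
import struct

class ProtocolError(Exception):
    pass                                          # malformed input, or the simulated interrupt

class Stream:
    """Cursor over bytes received from the client (stand-in for the socket input buffer)."""
    def __init__(self, data):
        self.buf, self.pos = data, 0

    def read(self, n):
        if n < 0 or self.pos + n > len(self.buf):
            self.pos = len(self.buf)              # drain, as a dropped connection would
            raise ProtocolError("short read")
        chunk, self.pos = self.buf[self.pos:self.pos + n], self.pos + n
        return chunk

    def read_int(self, fmt):                      # "!h" int16, "!i" int32, network byte order
        return struct.unpack(fmt, self.read(struct.calcsize(fmt)))[0]

    def read_cstring(self):
        end = self.buf.find(b"\x00", self.pos)
        if end < 0:
            self.pos = len(self.buf)
            raise ProtocolError("unterminated string")
        s, self.pos = self.buf[self.pos:end], end + 1
        return s

def msg(kind, body):
    """v3 framing: type byte, int32 length counting itself but not the type byte, body."""
    return kind + struct.pack("!i", len(body) + 4) + body

def query_msg(sql):
    return msg(b"Q", sql.encode() + b"\x00")

def bind_msg(params):
    """Simplified Bind: unnamed portal and statement, no format codes, then N values."""
    body = b"\x00\x00" + struct.pack("!h", len(params))
    for p in params:
        body += struct.pack("!i", len(p)) + p
    return msg(b"B", body)

def parse_bind(src, cancel_at):
    """Walk the Bind fields; at parameter `cancel_at` raise, modelling a statement_timeout
    or query cancel that arrives while that value is being read (hypothetical trigger)."""
    portal, statement = src.read_cstring(), src.read_cstring()
    params = []
    for i in range(src.read_int("!h")):
        plen = src.read_int("!i")
        if i == cancel_at:
            raise ProtocolError("canceling statement due to user request")
        params.append(None if plen == -1 else src.read(plen))
    return params

def handle(kind, src, cancel_at):
    """Interpret one message whose type byte and length were already consumed."""
    if kind == b"B":
        return ("Bind", parse_bind(src, cancel_at))
    if kind == b"Q":
        return ("Query", src.read_cstring().decode())
    raise ProtocolError("invalid frontend message type %r" % kind)

def read_messages_vulnerable(data, cancel_at=None):
    """Fields are parsed straight off the stream; an error mid-message leaves the unread
    tail in the buffer and the next iteration takes it for a fresh message."""
    s, log = Stream(data), []
    while s.pos < len(s.buf):
        try:
            kind, length = s.read(1), s.read_int("!i")   # length is read but never enforced
            log.append(handle(kind, s, cancel_at))
        except ProtocolError as e:
            log.append(("Error", str(e)))                # connection stays open, no resync
    return log

def read_messages_fixed(data, cancel_at=None):
    """The whole declared body is consumed before any field is interpreted, so an error
    discards exactly one message and the next read starts on a genuine type byte."""
    s, log = Stream(data), []
    while s.pos < len(s.buf):
        try:
            kind, length = s.read(1), s.read_int("!i")
            body = Stream(s.read(length - 4))            # length < 4 or truncated: drain + error
            entry = handle(kind, body, cancel_at)
            if body.pos < len(body.buf):
                raise ProtocolError("trailing bytes in message")
            log.append(entry)
        except ProtocolError as e:
            log.append(("Error", str(e)))
    return log

def crafted_bind(sql):
    """Constructed attacker Bind: the second parameter value is itself a complete Query
    frame, so whatever the desynced server reads next begins with a valid 'Q' message."""
    return bind_msg([b"1", query_msg(sql)])

def demo():
    wire = crafted_bind("DROP TABLE audit_log") + query_msg("SELECT 1")
    return read_messages_vulnerable(wire, cancel_at=1), read_messages_fixed(wire, cancel_at=1)
```

Calling `demo()` returns both logs for the same wire bytes: the vulnerable reader records the error, then the injected `DROP TABLE audit_log` as if the client had sent it, then the legitimate `SELECT 1`; the fixed reader records the error and then only `SELECT 1`. Without the simulated interrupt both readers agree and the injected query stays inert inside the Bind parameter, which is why the advisory pairs the crafted parameter with a timeout or cancellation. On a live server, comparing `SHOW server_version;` with the fixed versions in the description above is the quick exposure check.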
Affected packages
Platform | Package | State | Advisory | Release date |
---|---|---|---|---|
CloudForms Management Engine 5 | postgresql | Will not fix | | |
CloudForms Management Engine 5 | postgresql92-postgresql | Will not fix | | |
Red Hat Enterprise Linux 5 | postgresql | Will not fix | | |
Red Hat Enterprise Linux 5 | postgresql84 | Will not fix | | |
Red Hat Software Collections | rh-postgresql94-postgresql | Affected | | |
Red Hat Enterprise Linux 6 | postgresql | Fixed | RHSA-2015:0750 | 30.03.2015 |
Red Hat Enterprise Linux 7 | postgresql | Fixed | RHSA-2015:0750 | 30.03.2015 |
Red Hat Satellite 5.7 | postgresql92-postgresql | Fixed | RHSA-2015:0856 | 20.04.2015 |
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 | postgresql92-postgresql | Fixed | RHSA-2015:0699 | 18.03.2015 |
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS | postgresql92-postgresql | Fixed | RHSA-2015:0699 | 18.03.2015 |
Additional information
Status:
CVSS2 score: 2.1 (Low)
Related vulnerabilities
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an error, which triggers the loss of synchronization and part of the protocol message to be treated as a new message, as demonstrated by causing a timeout or query cancellation.
CVSS2 score: 2.1 (Low)