Описание
The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a "too-short" salt.
A memory leak error was discovered in the crypt() function of the pgCrypto extension. An authenticated attacker could possibly use this flaw to disclose a limited amount of the server memory.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | postgresql | Will not fix | ||
| Red Hat Enterprise Linux 5 | postgresql84 | Will not fix | ||
| Red Hat Satellite 5 | postgresql92-postgresql | Affected | ||
| Red Hat Enterprise Linux 6 | postgresql | Fixed | RHSA-2015:2081 | 18.11.2015 |
| Red Hat Enterprise Linux 7 | postgresql | Fixed | RHSA-2015:2078 | 19.11.2015 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | rh-postgresql94-postgresql | Fixed | RHSA-2015:2077 | 18.11.2015 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | postgresql92-postgresql | Fixed | RHSA-2015:2083 | 18.11.2015 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS | rh-postgresql94-postgresql | Fixed | RHSA-2015:2077 | 18.11.2015 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS | postgresql92-postgresql | Fixed | RHSA-2015:2083 | 18.11.2015 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS | rh-postgresql94-postgresql | Fixed | RHSA-2015:2077 | 18.11.2015 |
Показывать по
Дополнительная информация
Статус:
EPSS
4 Medium
CVSS2
Связанные уязвимости
The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a "too-short" salt.
The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a "too-short" salt.
The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9. ...
The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a "too-short" salt.
EPSS
4 Medium
CVSS2