CVE-2016-0773

Опубликовано: 11 фев. 2016

Источник: redhat

CVSS2: 6.8

EPSS Низкий

Описание

PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression.

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to crash or possibly execute arbitrary code.

Затронутые пакеты

Платформа	Пакет	Состояние
CloudForms Management Engine 5	postgresql	Affected
CloudForms Management Engine 5	postgresql92-postgresql	Affected
Red Hat Enterprise Linux 5	postgresql	Will not fix
Red Hat Enterprise Linux 5	postgresql84	Will not fix
Red Hat Enterprise Linux 5	tcl	Not affected
Red Hat Enterprise Linux 6	pl	Not affected
Red Hat Enterprise Linux 6	tcl	Not affected
Red Hat Enterprise Linux 7	tcl	Not affected
Red Hat Satellite 5.7	postgresql92	Affected
Red Hat Software Collections	rh-postgresql95-postgresql	Affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-190->CWE-122

https://bugzilla.redhat.com/show_bug.cgi?id=1303832postgresql: case insensitive range handling integer overflow leading to buffer overflow

EPSS

Процентиль: 89%

0.0451

Низкий

6.8 Medium

CVSS2

Связанные уязвимости

CVE-2016-0773

CVSS3: 7.5

ubuntu

больше 9 лет назад

CVE-2016-0773

CVSS3: 7.5

nvd

больше 9 лет назад

CVE-2016-0773

CVSS3: 7.5

debian

больше 9 лет назад

PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9. ...

GHSA-6p6w-jmg5-8cvx

CVSS3: 7.5

github

около 3 лет назад

ELSA-2016-0347

oracle-oval

больше 9 лет назад

ELSA-2016-0347: postgresql security update (IMPORTANT)

EPSS

Процентиль: 89%

0.0451

Низкий

6.8 Medium

CVSS2