Описание
Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server memory.
Отчет
This issue affects the versions of rh-postgresql94-postgresql, rh-postgresql95-postgresql, and rh-postgresql96-postgresql as shipped with Red Hat Software Collections 3. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | postgresql | Not affected | ||
| Red Hat Enterprise Linux 5 | postgresql84 | Not affected | ||
| Red Hat Enterprise Linux 6 | postgresql | Not affected | ||
| Red Hat Enterprise Linux 7 | postgresql | Not affected | ||
| Red Hat Satellite 5 | postgresql92-postgresql | Not affected | ||
| Red Hat Software Collections | rh-postgresql94-postgresql | Will not fix | ||
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | rh-postgresql95-postgresql | Fixed | RHSA-2018:2511 | 20.08.2018 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | rh-postgresql96-postgresql | Fixed | RHSA-2018:2566 | 27.08.2018 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS | rh-postgresql95-postgresql | Fixed | RHSA-2018:2511 | 20.08.2018 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS | rh-postgresql96-postgresql | Fixed | RHSA-2018:2566 | 27.08.2018 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.1 High
CVSS3
Связанные уязвимости
Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server memory.
Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server memory.
Invalid json_populate_recordset or jsonb_populate_recordset function c ...
Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server memory.
Уязвимость реализации функций json_populate_recordset и jsonb_populate_recordset системы управления базами данных PostgreSQL, позволяющая нарушителю вызвать отказ в обслуживании или получить несанкционированный доступ к защищаемой информации
EPSS
7.1 High
CVSS3