what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2015-5289

Status Candidate

Overview

Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values.

Related Files

Gentoo Linux Security Advisory 201701-33
Posted Jan 13, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201701-33 - Multiple vulnerabilities have been found in PostgreSQL, the worst of which could result in execution of arbitrary code or privilege escalation. Versions less than 9.5.4 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2015-5288, CVE-2015-5289, CVE-2016-0766, CVE-2016-0773, CVE-2016-5423, CVE-2016-5424
SHA-256 | 5c1835ce9d97c2296528f8ac7307f5177d1c964c2ef3bec50562a53e37dcd826
Red Hat Security Advisory 2015-2078-01
Posted Nov 19, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2078-01 - PostgreSQL is an advanced object-relational database management system. A memory leak error was discovered in the crypt() function of the pgCrypto extension. An authenticated attacker could possibly use this flaw to disclose a limited amount of the server memory. A stack overflow flaw was discovered in the way the PostgreSQL core server processed certain JSON or JSONB input. An authenticated attacker could possibly use this flaw to crash the server backend by sending specially crafted JSON or JSONB input.

tags | advisory, overflow, memory leak
systems | linux, redhat
advisories | CVE-2015-5288, CVE-2015-5289
SHA-256 | aac049a21ae427bf24643576d8701e697cfabc9ea4d02e806cb365d534decbce
Red Hat Security Advisory 2015-2077-01
Posted Nov 19, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2077-01 - PostgreSQL is an advanced object-relational database management system. A memory leak error was discovered in the crypt() function of the pgCrypto extension. An authenticated attacker could possibly use this flaw to disclose a limited amount of the server memory. A stack overflow flaw was discovered in the way the PostgreSQL core server processed certain JSON or JSONB input. An authenticated attacker could possibly use this flaw to crash the server backend by sending specially crafted JSON or JSONB input.

tags | advisory, overflow, memory leak
systems | linux, redhat
advisories | CVE-2015-5288, CVE-2015-5289
SHA-256 | b8119ca3b76675c365e5ec6e10e97a27a6c8163ea9d7805cb835c9fc98116c8b
Red Hat Security Advisory 2015-2083-01
Posted Nov 19, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2083-01 - PostgreSQL is an advanced object-relational database management system. A memory leak error was discovered in the crypt() function of the pgCrypto extension. An authenticated attacker could possibly use this flaw to disclose a limited amount of the server memory. A stack overflow flaw was discovered in the way the PostgreSQL core server processed certain JSON or JSONB input. An authenticated attacker could possibly use this flaw to crash the server backend by sending specially crafted JSON or JSONB input.

tags | advisory, overflow, memory leak
systems | linux, redhat
advisories | CVE-2015-5288, CVE-2015-5289
SHA-256 | c9f88ba809baf90f4a629479a98d8482fd5274e5a0d331f3a4316e0f0531d8a8
Debian Security Advisory 3374-1
Posted Oct 19, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3374-1 - Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2015-5288, CVE-2015-5289
SHA-256 | 0221739681f1a47749baa7ef3da3b7ce33e14be350cfde520f29dd6677263336
Ubuntu Security Notice USN-2772-1
Posted Oct 16, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2772-1 - Josh Kupershmidt discovered the pgCrypto extension could expose several bytes of server memory if the crypt() function was provided a too-short salt. An attacker could use this flaw to read private data. Oskari Saarenmaa discovered that the json and jsonb handlers could exhaust available stack space. An attacker could use this flaw to perform a denial of service attack. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2015-5288, CVE-2015-5289
SHA-256 | 7b71a60e0ccd343b09519a9460d503e41574b5c1bcd194439de80f36faf89604
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close