CVE-2015-0242

Published Jan 27, 2020

Last updated 5 years ago

CVSS high 8.8

Overview

Description: Stack-based buffer overflow in the *printf function implementations in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1, when running on a Windows system, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a floating point number with a large precision, as demonstrated by using the to_char function.
Source: secalert@redhat.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 6.5
Impact score: 6.4
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-787

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8521B330-9A5E-4F15-A6F5-CFF8624F6C66",
            "versionEndExcluding": "9.0.19"
          },
          {
            "criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9323DC39-ED96-4A57-AEB7-9E87FF1889A9",
            "versionEndExcluding": "9.1.15",
            "versionStartIncluding": "9.1.0"
          },
          {
            "criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E2A0FAC5-671F-4895-9A93-BB1BC98A2468",
            "versionEndExcluding": "9.2.10",
            "versionStartIncluding": "9.2.0"
          },
          {
            "criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77B357E3-1440-4630-8B79-B5629F8E40D0",
            "versionEndExcluding": "9.3.6",
            "versionStartIncluding": "9.3.0"
          },
          {
            "criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D74C01C3-5369-4885-9D6F-69E638FE73BE",
            "versionEndExcluding": "9.4.1",
            "versionStartIncluding": "9.4.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References