Stack-Based Buffer Overflow Vulnerability in PostgreSQL on Windows
CVE-2015-0242

8.8HIGH

Key Information:

Vendor
Postgresql Global Development Group
Status
Postgresql
Vendor
CVE Published:
27 January 2020

Summary

A stack-based buffer overflow is present in the printf function implementations of PostgreSQL on Windows systems. This vulnerability permits remote authenticated users to exploit a flaw by utilizing floating point numbers with excessive precision, potentially leading to a denial of service due to application crashes or, in certain scenarios, allowing the execution of arbitrary code. The affected PostgreSQL versions range from pre-9.0.19 through several 9.1.x, 9.2.x, 9.3.x, and 9.4.x builds, making it crucial for users to upgrade to patched versions.

Affected Version(s)

PostgreSQL before 9.0.19

PostgreSQL 9.1.x before 9.1.15

PostgreSQL 9.2.x before 9.2.10

References

http://www.postgresql.org/docs/9.4/static/release-9-4-1.html
x_refsource_CONFIRM
http://www.postgresql.org/docs/current/static/release-9-0...
x_refsource_CONFIRM
http://www.postgresql.org/docs/current/static/release-9-1...
x_refsource_CONFIRM

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.