Stack-Based Buffer Overflow Vulnerability in PostgreSQL on Windows
CVE-2015-0242
8.8HIGH
Key Information:
- Status
- Vendor
- CVE Published:
- 27 January 2020
What is CVE-2015-0242?
A stack-based buffer overflow is present in the printf function implementations of PostgreSQL on Windows systems. This vulnerability permits remote authenticated users to exploit a flaw by utilizing floating point numbers with excessive precision, potentially leading to a denial of service due to application crashes or, in certain scenarios, allowing the execution of arbitrary code. The affected PostgreSQL versions range from pre-9.0.19 through several 9.1.x, 9.2.x, 9.3.x, and 9.4.x builds, making it crucial for users to upgrade to patched versions.
Affected Version(s)
PostgreSQL before 9.0.19
PostgreSQL 9.1.x before 9.1.15
PostgreSQL 9.2.x before 9.2.10