Double Free Vulnerability in PostgreSQL
CVE-2015-3165

Currently unrated

Key Information:

Vendor: Canonical

CVE Published: 28 May 2015

What is CVE-2015-3165?

A double free vulnerability in several versions of PostgreSQL is triggered when an SSL session is closed at a moment when the authentication timeout expires during the session shutdown process. Remote attackers can exploit this flaw to crash the PostgreSQL service, causing a denial of service. Affected PostgreSQL versions should be updated immediately to mitigate this risk.

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
