Double Free Vulnerability in PostgreSQL
CVE-2015-3165

Currently unrated

Key Information:

Vendor
Canonical
CVE Published:
28 May 2015

Summary

A double free vulnerability in several versions of PostgreSQL is triggered when an SSL session is closed at a moment when the authentication timeout expires during the session shutdown process. Remote attackers can exploit this flaw to crash the PostgreSQL service, causing a denial of service. Affected PostgreSQL versions should be updated immediately to mitigate this risk.

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
