CVE-2017-15098

8.1HIGH

Key Information:

Vendor: Red Hat
Status: Postgresql
Vendor: CVE Published:; 22 November 2017

Summary

Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server memory.

Affected Version(s)

postgresql 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20

References

http://www.securityfocus.com/bid/101781

vdb-entryx_refsource_BID

https://www.debian.org/security/2017/dsa-4027

vendor-advisoryx_refsource_DEBIAN

https://access.redhat.com/errata/RHSA-2018:2511

vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 22, 2017
Vulnerability Reserved
Oct 8, 2017

.