{"containers": {"cna": {"affected": [{"product": "PostgreSQL", "vendor": "PostgreSQL Global Development Group", "versions": [{"status": "affected", "version": "before 9.0.19"}, {"status": "affected", "version": "9.1.x before 9.1.15"}, {"status": "affected", "version": "9.2.x before 9.2.10"}, {"status": "affected", "version": "9.3.x before 9.3.6"}, {"status": "affected", "version": "9.4.x before 9.4.1"}]}], "datePublic": "2015-02-05T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "Buffer Overflow", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-01-27T15:29:28", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.postgresql.org/docs/current/static/release-9-0-19.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.postgresql.org/docs/current/static/release-9-1-15.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.postgresql.org/docs/current/static/release-9-2-10.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.postgresql.org/docs/current/static/release-9-3-6.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.postgresql.org/about/news/1569/"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.debian.org/security/2015/dsa-3155"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-0243", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "PostgreSQL", "version": {"version_data": [{"version_value": "before 9.0.19"}, {"version_value": "9.1.x before 9.1.15"}, {"version_value": "9.2.x before 9.2.10"}, {"version_value": "9.3.x before 9.3.6"}, {"version_value": "9.4.x before 9.4.1"}]}}]}, "vendor_name": "PostgreSQL Global Development Group"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Buffer Overflow"}]}]}, "references": {"reference_data": [{"name": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html", "refsource": "CONFIRM", "url": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html"}, {"name": "http://www.postgresql.org/docs/current/static/release-9-0-19.html", "refsource": "CONFIRM", "url": "http://www.postgresql.org/docs/current/static/release-9-0-19.html"}, {"name": "http://www.postgresql.org/docs/current/static/release-9-1-15.html", "refsource": "CONFIRM", "url": "http://www.postgresql.org/docs/current/static/release-9-1-15.html"}, {"name": "http://www.postgresql.org/docs/current/static/release-9-2-10.html", "refsource": "CONFIRM", "url": "http://www.postgresql.org/docs/current/static/release-9-2-10.html"}, {"name": "http://www.postgresql.org/docs/current/static/release-9-3-6.html", "refsource": "CONFIRM", "url": "http://www.postgresql.org/docs/current/static/release-9-3-6.html"}, {"name": "http://www.postgresql.org/about/news/1569/", "refsource": "CONFIRM", "url": "http://www.postgresql.org/about/news/1569/"}, {"name": "http://www.debian.org/security/2015/dsa-3155", "refsource": "CONFIRM", "url": "http://www.debian.org/security/2015/dsa-3155"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T04:03:10.702Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.postgresql.org/docs/current/static/release-9-0-19.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.postgresql.org/docs/current/static/release-9-1-15.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.postgresql.org/docs/current/static/release-9-2-10.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.postgresql.org/docs/current/static/release-9-3-6.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.postgresql.org/about/news/1569/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3155"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-0243", "datePublished": "2020-01-27T15:29:28", "dateReserved": "2014-11-18T00:00:00", "dateUpdated": "2024-08-06T04:03:10.702Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "8521B330-9A5E-4F15-A6F5-CFF8624F6C66", "versionEndExcluding": "9.0.19", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "9323DC39-ED96-4A57-AEB7-9E87FF1889A9", "versionEndExcluding": "9.1.15", "versionStartIncluding": "9.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2A0FAC5-671F-4895-9A93-BB1BC98A2468", "versionEndExcluding": "9.2.10", "versionStartIncluding": "9.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "77B357E3-1440-4630-8B79-B5629F8E40D0", "versionEndExcluding": "9.3.6", "versionStartIncluding": "9.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "D74C01C3-5369-4885-9D6F-69E638FE73BE", "versionEndExcluding": "9.4.1", "versionStartIncluding": "9.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors."}, {"lang": "es", "value": "M\u00faltiples desbordamientos del b\u00fafer en contrib/pgcrypto en PostgreSQL versiones anteriores a 9.0.19, versiones 9.1.x anteriores a 9.1.15, versiones 9.2.x anteriores a 9.2.10, versiones 9.3.x anteriores a 9.3.6 y versiones 9.4.x anteriores a 9.4.1, permiten usuarios autenticados remotos causar una denegaci\u00f3n de servicio (bloqueo) y posiblemente ejecutar c\u00f3digo arbitrario por medio de vectores no especificados."}], "id": "CVE-2015-0243", "lastModified": "2024-11-21T02:22:38.277", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-27T16:15:10.750", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2015/dsa-3155"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.postgresql.org/about/news/1569/"}, {"source": "secalert@redhat.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html"}, {"source": "secalert@redhat.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://www.postgresql.org/docs/current/static/release-9-0-19.html"}, {"source": "secalert@redhat.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://www.postgresql.org/docs/current/static/release-9-1-15.html"}, {"source": "secalert@redhat.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://www.postgresql.org/docs/current/static/release-9-2-10.html"}, {"source": "secalert@redhat.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://www.postgresql.org/docs/current/static/release-9-3-6.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2015/dsa-3155"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.postgresql.org/about/news/1569/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://www.postgresql.org/docs/current/static/release-9-0-19.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://www.postgresql.org/docs/current/static/release-9-1-15.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://www.postgresql.org/docs/current/static/release-9-2-10.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://www.postgresql.org/docs/current/static/release-9-3-6.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank PostgreSQL project for reporting this issue. Upstream acknowledges Marko Tiikkaja as the original reporter.", "affected_release": [{"advisory": "RHSA-2015:0750", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "postgresql-0:8.4.20-2.el6_6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2015-03-30T00:00:00Z"}, {"advisory": "RHSA-2015:0750", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "postgresql-0:9.2.10-2.el7_1", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-03-30T00:00:00Z"}, {"advisory": "RHSA-2015:0856", "cpe": "cpe:/a:redhat:network_satellite:5.7::el6", "package": "postgresql92-postgresql-0:9.2.10-2.el6", "product_name": "Red Hat Satellite 5.7", "release_date": "2015-04-20T00:00:00Z"}, {"advisory": "RHSA-2015:0699", "cpe": "cpe:/a:redhat:rhel_software_collections:1::el6", "package": "postgresql92-postgresql-0:9.2.10-2.el6", "product_name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux 6", "release_date": "2015-03-18T00:00:00Z"}, {"advisory": "RHSA-2015:0699", "cpe": "cpe:/a:redhat:rhel_software_collections:1::el6", "package": "postgresql92-postgresql-0:9.2.10-2.el6", "product_name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS", "release_date": "2015-03-18T00:00:00Z"}, {"advisory": "RHSA-2015:0699", "cpe": "cpe:/a:redhat:rhel_software_collections:1::el6", "package": "postgresql92-postgresql-0:9.2.10-2.el6", "product_name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS", "release_date": "2015-03-18T00:00:00Z"}, {"advisory": "RHSA-2015:0699", "cpe": "cpe:/a:redhat:rhel_software_collections:1::el7", "package": "postgresql92-postgresql-0:9.2.10-1.el7", "product_name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux 7", "release_date": "2015-03-18T00:00:00Z"}], "bugzilla": {"description": "postgresql: buffer overflow flaws in contrib/pgcrypto", "id": "1188689", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1188689"}, "csaw": false, "cvss": {"cvss_base_score": "6.0", "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "status": "verified"}, "cwe": "CWE-122", "details": ["Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.", "A stack-buffer overflow flaw was found in PostgreSQL's pgcrypto module. An authenticated database user could use this flaw to cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL."], "name": "CVE-2015-0243", "package_state": [{"cpe": "cpe:/a:redhat:cloudforms_managementengine:5", "fix_state": "Will not fix", "package_name": "postgresql", "product_name": "CloudForms Management Engine 5"}, {"cpe": "cpe:/a:redhat:cloudforms_managementengine:5", "fix_state": "Will not fix", "package_name": "postgresql92-postgresql", "product_name": "CloudForms Management Engine 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "postgresql", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "postgresql84", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Affected", "package_name": "rh-postgresql94-postgresql", "product_name": "Red Hat Software Collections"}], "public_date": "2015-02-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-0243\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0243\nhttp://www.postgresql.org/about/news/1569/"], "threat_severity": "Moderate", "upstream_fix": "postgresql 9.0.19, postgresql 9.1.15, postgresql 9.2.10, postgresql 9.3.6, postgresql 9.4.1"}