{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-05-22T00:00:00", "descriptions": [{"lang": "en", "value": "Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-04T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "74787", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/74787"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.postgresql.org/about/news/1587/"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.postgresql.org/docs/9.0/static/release-9-0-20.html"}, {"name": "USN-2621-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2621-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.postgresql.org/docs/9.4/static/release-9-4-2.html"}, {"name": "RHSA-2015:1195", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1195.html"}, {"name": "DSA-3269", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3269"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.postgresql.org/docs/9.2/static/release-9-2-11.html"}, {"name": "GLSA-201507-20", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201507-20"}, {"name": "RHSA-2015:1194", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1194.html"}, {"name": "DSA-3270", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3270"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.postgresql.org/docs/9.1/static/release-9-1-16.html"}, {"name": "APPLE-SA-2015-09-16-4", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.postgresql.org/docs/9.3/static/release-9-3-7.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/HT205219"}, {"name": "RHSA-2015:1196", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1196.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-3165", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "74787", "refsource": "BID", "url": "http://www.securityfocus.com/bid/74787"}, {"name": "http://www.postgresql.org/about/news/1587/", "refsource": "CONFIRM", "url": "http://www.postgresql.org/about/news/1587/"}, {"name": "http://www.postgresql.org/docs/9.0/static/release-9-0-20.html", "refsource": "CONFIRM", "url": "http://www.postgresql.org/docs/9.0/static/release-9-0-20.html"}, {"name": "USN-2621-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2621-1"}, {"name": "http://www.postgresql.org/docs/9.4/static/release-9-4-2.html", "refsource": "CONFIRM", "url": "http://www.postgresql.org/docs/9.4/static/release-9-4-2.html"}, {"name": "RHSA-2015:1195", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1195.html"}, {"name": "DSA-3269", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3269"}, {"name": "http://www.postgresql.org/docs/9.2/static/release-9-2-11.html", "refsource": "CONFIRM", "url": "http://www.postgresql.org/docs/9.2/static/release-9-2-11.html"}, {"name": "GLSA-201507-20", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201507-20"}, {"name": "RHSA-2015:1194", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1194.html"}, {"name": "DSA-3270", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3270"}, {"name": "http://www.postgresql.org/docs/9.1/static/release-9-1-16.html", "refsource": "CONFIRM", "url": "http://www.postgresql.org/docs/9.1/static/release-9-1-16.html"}, {"name": "APPLE-SA-2015-09-16-4", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html"}, {"name": "http://www.postgresql.org/docs/9.3/static/release-9-3-7.html", "refsource": "CONFIRM", "url": "http://www.postgresql.org/docs/9.3/static/release-9-3-7.html"}, {"name": "https://support.apple.com/HT205219", "refsource": "CONFIRM", "url": "https://support.apple.com/HT205219"}, {"name": "RHSA-2015:1196", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1196.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T05:39:31.273Z"}, "title": "CVE Program Container", "references": [{"name": "74787", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/74787"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.postgresql.org/about/news/1587/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.postgresql.org/docs/9.0/static/release-9-0-20.html"}, {"name": "USN-2621-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2621-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.postgresql.org/docs/9.4/static/release-9-4-2.html"}, {"name": "RHSA-2015:1195", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1195.html"}, {"name": "DSA-3269", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3269"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.postgresql.org/docs/9.2/static/release-9-2-11.html"}, {"name": "GLSA-201507-20", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201507-20"}, {"name": "RHSA-2015:1194", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1194.html"}, {"name": "DSA-3270", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3270"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.postgresql.org/docs/9.1/static/release-9-1-16.html"}, {"name": "APPLE-SA-2015-09-16-4", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.postgresql.org/docs/9.3/static/release-9-3-7.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/HT205219"}, {"name": "RHSA-2015:1196", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1196.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-3165", "datePublished": "2015-05-28T14:00:00", "dateReserved": "2015-04-10T00:00:00", "dateUpdated": "2024-08-06T05:39:31.273Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x_server:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "8294E6EF-5FA4-47F1-BAB4-2F1E55731206", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "3D5A2803-BDCB-4AE4-AA05-5ADA3854DEE9", "versionEndIncluding": "9.0.19", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "4796DBEC-FF4F-4749-90D5-AD83D8B5E086", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "79108278-D644-4506-BD9C-F464C6E817B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "10CF0AA0-41CD-4D50-BA7A-BF8846115C95", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "965E1A9D-BB23-4C0B-A9CA-54A1855055B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "A1F37C66-0AFE-4D59-8867-BDBCE656774E", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "5CE53AE6-232C-4068-98D1-7749007C3CFD", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "FFD38139-FD17-41E7-8D10-7731D8203CFC", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "CCC0B41F-38FF-4D41-9E31-D666A84BB2FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "A591CB08-5CEB-45EB-876F-417DCD60AF53", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "E0B79735-4CF5-4038-9FC4-12A58790B15A", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "0A74DAF9-516D-44BC-B09A-73395EF72873", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "B58318BE-FB71-4183-A1F4-5FD207885A89", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "1D931436-34EB-4C42-8F2B-713662DF6627", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "3F2289C7-7E77-41E7-94A6-44B1F9F17CB8", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "A9DDEEEC-492D-4F45-B009-3642887843BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.1.15:*:*:*:*:*:*:*", "matchCriteriaId": "7F676407-46E1-4737-9162-0E6AB1D3E8AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2:*:*:*:*:*:*:*", "matchCriteriaId": "AD27648F-E2FF-4779-97F9-2632DCC6B16D", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "CEFB4916-8B59-4534-804C-CF9DA1B18508", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "3413A3AB-45A3-48E1-9B30-1194C4E7D49D", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "5760CE83-4802-42A0-9338-E1E634882450", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "6B41009E-4028-4D82-B8D0-8B949EDC0A68", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "832F3EBE-A92C-4FB3-BF3C-0E7B750F966B", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "1571EE80-55A6-4F91-909B-C46BA19EC76F", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "2848E3BC-293A-4A75-BEB7-C2F1637AD3E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "ADC9133E-94FC-4199-BD69-BBB46CF3799F", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "200172CE-40AB-49E3-93D1-9947E3CBFFF8", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "E90B21A9-19A7-4DCB-A2FE-C558CCB6BBB1", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3:*:*:*:*:*:*:*", "matchCriteriaId": "5B890251-95EB-44F3-A6A7-F718F3C807B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "D2E5BD02-8C3D-4687-88DE-1C00366270E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "709F5DF9-9F3A-42C3-890B-521B13118C0E", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "14D85A34-C897-4E52-8F97-18CA51C5461A", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "A40DAD2B-A6D4-43D8-B282-A3C672356D6A", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "FC2FE391-9414-480E-A9B1-CF70280E315E", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "55B6A4ED-FA3B-4251-BF82-755F95277CF9", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F56BE7CE-E2B6-4089-88CC-5F28FAC602AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "8A587AF3-5E70-4455-8621-DFD048207DE2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence."}, {"lang": "es", "value": "Vulnerabilidad de doble liberaci\u00f3n en PostgreSQL anterior a 9.0.20, 9.1.x anterior a 9.1.16, 9.2.x anterior a 9.2.11, 9.3.x anterior a 9.3.7, y 9.4.x anterior a 9.4.2 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) mediante el cierre de una sesi\u00f3n SSL en un momento cuando el fin de sesi\u00f3n de la autenticaci\u00f3n caducar\u00e1 durante la secuencia del cierre de sesi\u00f3n."}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/415.html\">CWE-415: Double Free</a>", "id": "CVE-2015-3165", "lastModified": "2018-01-05T02:30:05.167", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-05-28T14:59:06.283", "references": [{"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-1194.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-1195.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-1196.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2015/dsa-3269"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2015/dsa-3270"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.postgresql.org/about/news/1587/"}, {"source": "secalert@redhat.com", "tags": ["Release Notes"], "url": "http://www.postgresql.org/docs/9.0/static/release-9-0-20.html"}, {"source": "secalert@redhat.com", "tags": ["Release Notes"], "url": "http://www.postgresql.org/docs/9.1/static/release-9-1-16.html"}, {"source": "secalert@redhat.com", "tags": ["Release Notes"], "url": "http://www.postgresql.org/docs/9.2/static/release-9-2-11.html"}, {"source": "secalert@redhat.com", "tags": ["Release Notes"], "url": "http://www.postgresql.org/docs/9.3/static/release-9-3-7.html"}, {"source": "secalert@redhat.com", "tags": ["Release Notes"], "url": "http://www.postgresql.org/docs/9.4/static/release-9-4-2.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/74787"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.ubuntu.com/usn/USN-2621-1"}, {"source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/201507-20"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/HT205219"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank PostgreSQL project for reporting this issue. Upstream acknowledges Benkocs Norbert Attila as the original reporter.", "affected_release": [{"advisory": "RHSA-2015:1194", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "postgresql-0:8.4.20-3.el6_6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2015-06-29T00:00:00Z"}, {"advisory": "RHSA-2015:1194", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "postgresql-0:9.2.13-1.el7_1", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-06-29T00:00:00Z"}, {"advisory": "RHSA-2015:1195", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "postgresql92-postgresql-0:9.2.13-1.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2015-06-29T00:00:00Z"}, {"advisory": "RHSA-2015:1196", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "rh-postgresql94-postgresql-0:9.4.4-1.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2015-06-29T00:00:00Z"}, {"advisory": "RHSA-2015:1195", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "postgresql92-postgresql-0:9.2.13-1.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS", "release_date": "2015-06-29T00:00:00Z"}, {"advisory": "RHSA-2015:1196", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "rh-postgresql94-postgresql-0:9.4.4-1.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS", "release_date": "2015-06-29T00:00:00Z"}, {"advisory": "RHSA-2015:1195", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "postgresql92-postgresql-0:9.2.13-1.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS", "release_date": "2015-06-29T00:00:00Z"}, {"advisory": "RHSA-2015:1196", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "rh-postgresql94-postgresql-0:9.4.4-1.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS", "release_date": "2015-06-29T00:00:00Z"}, {"advisory": "RHSA-2015:1195", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "postgresql92-postgresql-0:9.2.13-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2015-06-29T00:00:00Z"}, {"advisory": "RHSA-2015:1196", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-postgresql94-postgresql-0:9.4.4-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2015-06-29T00:00:00Z"}, {"advisory": "RHSA-2015:1195", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "postgresql92-postgresql-0:9.2.13-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS", "release_date": "2015-06-29T00:00:00Z"}, {"advisory": "RHSA-2015:1196", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-postgresql94-postgresql-0:9.4.4-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS", "release_date": "2015-06-29T00:00:00Z"}], "bugzilla": {"description": "postgresql: double-free after authentication timeout", "id": "1221537", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1221537"}, "csaw": false, "cvss": {"cvss_base_score": "5.0", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "status": "verified"}, "cwe": "CWE-416", "details": ["Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence.", "A double-free flaw was found in the way PostgreSQL handled connections. An unauthenticated attacker could possibly exploit this flaw to crash the PostgreSQL backend by disconnecting at approximately the same time as the authentication time out was triggered."], "name": "CVE-2015-3165", "package_state": [{"cpe": "cpe:/a:redhat:cloudforms_managementengine:5", "fix_state": "Affected", "package_name": "postgresql", "product_name": "CloudForms Management Engine 5"}, {"cpe": "cpe:/a:redhat:cloudforms_managementengine:5", "fix_state": "Affected", "package_name": "postgresql92-postgresql", "product_name": "CloudForms Management Engine 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Affected", "package_name": "postgresql", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Affected", "package_name": "postgresql84", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/a:redhat:network_satellite:5.7", "fix_state": "Affected", "package_name": "postgresql92", "product_name": "Red Hat Satellite 5.7"}], "public_date": "2015-05-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-3165\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3165"], "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This flaw has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", "threat_severity": "Moderate", "upstream_fix": "postgresql 9.4.2, postgresql 9.3.7, postgresql 9.2.11, postgresql 9.1.16, postgresql 9.0.20"}