Vulnerability Details : CVE-2015-5289
Multiple stack-based buffer overflows in JSON parsing in PostgreSQL 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values.
Vulnerability category: Overflow, Denial of service
Products affected by CVE-2015-5289
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
Threat overview for CVE-2015-5289
- Top open port discovered on systems with this issue: 5432
- IPs affected by CVE-2015-5289: 87,989
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2015-5289
- EPSS score: 2.50% (probability of exploitation activity in the next 30 days)
- Percentile: ~90% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2015-5289
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:P | 10.0 | 4.9 | NIST | |
CWE ids for CVE-2015-5289
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-5289
- http://www.debian.org/security/2015/dsa-3374
  Debian -- Security Information -- DSA-3374-1 postgresql-9.4 (Third Party Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172316.html
  [SECURITY] Fedora 22 Update: postgresql-9.4.5-1.fc22 (Mailing List; Third Party Advisory)
- http://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=08fa47c4850cea32c3116665975bca219fbf2fe6
  git.postgresql.org Git - postgresql.git/commit (Vendor Advisory)
- http://www.securitytracker.com/id/1033775
  PostgreSQL Bugs Let Remote Users Deny Service and May Let Remote Users Obtain Portions of Memory - SecurityTracker (Third Party Advisory; VDB Entry)
- http://www.securityfocus.com/bid/77048
  PostgreSQL CVE-2015-5289 Remote Denial Of Service Vulnerability (Third Party Advisory; VDB Entry)
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
  Oracle Linux Bulletin - October 2015 (Third Party Advisory)
- https://security.gentoo.org/glsa/201701-33
  PostgreSQL: Multiple vulnerabilities (GLSA 201701-33) — Gentoo security (Third Party Advisory)
- http://www.ubuntu.com/usn/USN-2772-1
  USN-2772-1: PostgreSQL vulnerabilities | Ubuntu security notices (Third Party Advisory)
- http://www.postgresql.org/about/news/1615/
  PostgreSQL: 2015-10-08 Security Update Release (Vendor Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169094.html
  [SECURITY] Fedora 23 Update: postgresql-9.4.5-1.fc23 (Mailing List; Third Party Advisory)
- http://www.postgresql.org/docs/9.4/static/release-9-4-5.html
  PostgreSQL: Documentation: 9.4: Release 9.4.5 (Vendor Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00016.html
  [security-announce] SUSE-SU-2016:0677-1: important: Security update for (Mailing List; Third Party Advisory)
- http://www.postgresql.org/docs/9.3/static/release-9-3-10.html
  PostgreSQL: Documentation: 9.3: Release 9.3.10 (Vendor Advisory)
- http://lists.opensuse.org/opensuse-updates/2015-11/msg00033.html
  openSUSE-SU-2015:1907-1: moderate: Security update for postgresql93 (Mailing List; Third Party Advisory)