Vulnerability Details : CVE-2016-0773
PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression.
Vulnerability category: OverflowDenial of service
Products affected by CVE-2016-0773
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.2.12:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.2.13:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.2.14:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.5:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.4.5:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Threat overview for CVE-2016-0773
Top countries where our scanners detected CVE-2016-0773
Top open port discovered on systems with this issue
5432
IPs affected by CVE-2016-0773 70,592
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2016-0773!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2016-0773
21.12%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 96 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-0773
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2016-0773
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-0773
-
http://www.debian.org/security/2016/dsa-3476
Debian -- Security Information -- DSA-3476-1 postgresql-9.4
-
http://www.postgresql.org/docs/current/static/release-9-5-1.html
PostgreSQL: Documentation: 9.5: Release 9.5.1
-
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00054.html
[security-announce] SUSE-SU-2016:0555-1: important: Security update for
-
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00049.html
[security-announce] openSUSE-SU-2016:0531-1: important: Security update
-
https://kc.mcafee.com/corporate/index?page=content&id=SB10152
McAfee Security Bulletin: Threat Intelligence Exchange 1.3.0 addresses multiple issues related to its database server and OpenSSL
-
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00056.html
[security-announce] openSUSE-SU-2016:0578-1: important: Security update
-
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177878.html
[SECURITY] Fedora 22 Update: postgresql-9.4.6-1.fc22
-
http://www.postgresql.org/about/news/1644/
PostgreSQL: 2016-02-11 Security Update ReleaseVendor Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177820.html
[SECURITY] Fedora 23 Update: postgresql-9.4.6-1.fc23
-
http://rhn.redhat.com/errata/RHSA-2016-1060.html
RHSA-2016:1060 - Security Advisory - Red Hat Customer Portal
-
http://www.ubuntu.com/usn/USN-2894-1
USN-2894-1: PostgreSQL vulnerabilities | Ubuntu security notices
-
http://www.securitytracker.com/id/1035005
PostgreSQL Bugs Let Remote Users Deny Service and Let Remote Authenticated Users Gain Elevated Privileges - SecurityTracker
-
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
Oracle Linux Bulletin - January 2016
-
http://www.debian.org/security/2016/dsa-3475
Debian -- Security Information -- DSA-3475-1 postgresql-9.1
-
http://www.postgresql.org/docs/current/static/release-9-2-15.html
PostgreSQL: Documentation: 9.2: Release 9.2.15
-
http://www.postgresql.org/docs/current/static/release-9-1-20.html
PostgreSQL: Documentation: 9.1: Release 9.1.20
-
http://www.postgresql.org/docs/current/static/release-9-4-6.html
PostgreSQL: Documentation: 9.4: Release 9.4.6
-
https://security.gentoo.org/glsa/201701-33
PostgreSQL: Multiple vulnerabilities (GLSA 201701-33) — Gentoo security
-
http://www.postgresql.org/docs/current/static/release-9-3-11.html
PostgreSQL: Documentation: 9.3: Release 9.3.11
-
http://www.securityfocus.com/bid/83184
PostgreSQL Integer Overflow and Privilege Escalation Vulnerabilities
-
https://puppet.com/security/cve/CVE-2016-0773
CVE-2016-0773 - PostgreSQL Regular Expression Parsing Vulnerability | Puppet
-
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00052.html
[security-announce] SUSE-SU-2016:0539-1: important: Security update for
-
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00016.html
[security-announce] SUSE-SU-2016:0677-1: important: Security update for
Jump to