Postgresql » Postgresql : Security Vulnerabilities, CVEs, Published In 2015 (Denial of service)
Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values.
Max CVSS
6.4
EPSS Score
1.76%
Published
2015-10-26
Updated
2023-02-24
The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a "too-short" salt.
Max CVSS
6.4
EPSS Score
2.81%
Published
2015-10-26
Updated
2017-07-01
Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence.
Max CVSS
4.3
EPSS Score
8.49%
Published
2015-05-28
Updated
2018-01-05
3 vulnerabilities found