KLA10686
Multiple vulnerabilities in PostgreSQL

Обновлено: 03/06/2020

Дата обнаружения	08/10/2015
Уровень угрозы	High
Описание	Multiple serious vulnerabilities have been found in PostgreSQL. Malicious users can exploit these vulnerabilities to cause denial of service or obtain sensitive information. Below is a complete list of vulnerabilities An unknown vulnerability can be exploited via a specially designed user input to cause denial of service; An unknown vulnerability at pgCrypto can be exploited to obtain sensitive information. Technical details Vulnerability (1) caused by erroneous json or jsonb construction from input. (2) caused by crypt function and can be triggered via ‘too-short’ salt to read arbitrary server memory.
Пораженные продукты	PostgreSQL versions earlier than 9.0.23 PostgreSQL 9.1 versions earlier than 9.1.19 PostgreSQL 9.2 versions earlier than 9.2.14 PostgreSQL 9.3 versions earlier than 9.3.10 PostgreSQL 9.4 versions earlier than 9.4.5
Решение	Update to the latest version Get PostgreSQL
Первичный источник обнаружения	Release note
Оказываемое влияние ?	OSI [?] DoS [?]
Связанные продукты	PostgreSQL
CVE-IDS	CVE-2015-52896.4High CVE-2015-52886.4High
	Узнай статистику распространения уязвимостей в твоем регионе

KLA10686Multiple vulnerabilities in PostgreSQL