CVE-2015-0241

Summary

The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric formatting template, which triggers a buffer over-read, or (2) crafted timestamp formatting template, which triggers a buffer overflow.

Affected Software

VendorProductVersion RangeStatus
PostgreSQL Global Development GroupPostgreSQLbefore 9.0.19affected
PostgreSQL Global Development GroupPostgreSQL9.1.x before 9.1.15affected
PostgreSQL Global Development GroupPostgreSQL9.2.x before 9.2.10affected
PostgreSQL Global Development GroupPostgreSQL9.3.x before 9.3.6affected
PostgreSQL Global Development GroupPostgreSQL9.4.x before 9.4.1affected

Weaknesses

  • Other

ADP Enrichment

CVE Program Container

Additional References

References