CVE-2015-0242

Summary

Stack-based buffer overflow in the *printf function implementations in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1, when running on a Windows system, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a floating point number with a large precision, as demonstrated by using the to_char function.

Affected Software

VendorProductVersion RangeStatus
PostgreSQL Global Development GroupPostgreSQLbefore 9.0.19affected
PostgreSQL Global Development GroupPostgreSQL9.1.x before 9.1.15affected
PostgreSQL Global Development GroupPostgreSQL9.2.x before 9.2.10affected
PostgreSQL Global Development GroupPostgreSQL9.3.x before 9.3.6affected
PostgreSQL Global Development GroupPostgreSQL9.4.x before 9.4.1affected

Weaknesses

  • Buffer Overflow

ADP Enrichment

CVE Program Container

Additional References

References