CVE-2015-0244

Summary

PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an error, which triggers the loss of synchronization and part of the protocol message to be treated as a new message, as demonstrated by causing a timeout or query cancellation.

Affected Software

VendorProductVersion RangeStatus
PostgreSQL Global Development GroupPostgreSQLbefore 9.0.19affected
PostgreSQL Global Development GroupPostgreSQL9.1.x before 9.1.15affected
PostgreSQL Global Development GroupPostgreSQL9.2.x before 9.2.10affected
PostgreSQL Global Development GroupPostgreSQL9.3.x before 9.3.6affected
PostgreSQL Global Development GroupPostgreSQL9.4.x before 9.4.1affected

Weaknesses

  • Other

ADP Enrichment

CVE Program Container

Additional References

References