CVE-2015-3166

Summary

The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error.

Affected Software

VendorProductVersion RangeStatus
PostgreSQL Global Development GroupPostgreSQLbefore 9.0.20affected
PostgreSQL Global Development GroupPostgreSQL9.1.x before 9.1.16affected
PostgreSQL Global Development GroupPostgreSQL9.2.x before 9.2.11affected
PostgreSQL Global Development GroupPostgreSQL9.3.x before 9.3.7affected
PostgreSQL Global Development GroupPostgreSQLand 9.4.x before 9.4.2affected

Weaknesses

  • Other

ADP Enrichment

CVE Program Container

Additional References

References