CVE-2015-3167
N/A
N/A
Summary
contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| PostgreSQL Global Development Group | PostgreSQL | before 9.0.20 | affected |
| PostgreSQL Global Development Group | PostgreSQL | 9.1.x before 9.1.16 | affected |
| PostgreSQL Global Development Group | PostgreSQL | 9.2.x before 9.2.11 | affected |
| PostgreSQL Global Development Group | PostgreSQL | 9.3.x before 9.3.7 | affected |
| PostgreSQL Global Development Group | PostgreSQL | and 9.4.x before 9.4.2 | affected |
Weaknesses
- Other
ADP Enrichment
CVE Program Container
Additional References
- http://www.postgresql.org/about/news/1587/
- http://www.postgresql.org/docs/9.0/static/release-9-0-20.html
- http://www.postgresql.org/docs/9.1/static/release-9-1-16.html
- http://www.postgresql.org/docs/9.2/static/release-9-2-11.html
- http://www.postgresql.org/docs/9.3/static/release-9-3-7.html
- http://www.postgresql.org/docs/9.4/static/release-9-4-2.html
- http://www.debian.org/security/2015/dsa-3269
- http://www.debian.org/security/2015/dsa-3270
- http://ubuntu.com/usn/usn-2621-1
References
- http://www.postgresql.org/about/news/1587/
- http://www.postgresql.org/docs/9.0/static/release-9-0-20.html
- http://www.postgresql.org/docs/9.1/static/release-9-1-16.html
- http://www.postgresql.org/docs/9.2/static/release-9-2-11.html
- http://www.postgresql.org/docs/9.3/static/release-9-3-7.html
- http://www.postgresql.org/docs/9.4/static/release-9-4-2.html
- http://www.debian.org/security/2015/dsa-3269
- http://www.debian.org/security/2015/dsa-3270
- http://ubuntu.com/usn/usn-2621-1
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.