CVE-2015-3167

Summary

contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack.

Affected Software

VendorProductVersion RangeStatus
PostgreSQL Global Development GroupPostgreSQLbefore 9.0.20affected
PostgreSQL Global Development GroupPostgreSQL9.1.x before 9.1.16affected
PostgreSQL Global Development GroupPostgreSQL9.2.x before 9.2.11affected
PostgreSQL Global Development GroupPostgreSQL9.3.x before 9.3.7affected
PostgreSQL Global Development GroupPostgreSQLand 9.4.x before 9.4.2affected

Weaknesses

  • Other

ADP Enrichment

CVE Program Container

Additional References

References