SB2016021614 - Buffer overflow in postgresql (Alpine package)
Published: February 16, 2016
Security Bulletin ID
SB2016021614
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Buffer overflow (CVE-ID: CVE-2016-0773)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=de54eeef246ed1ee8fcba3da5c559af490d2e2e9
- https://git.alpinelinux.org/aports/commit/?id=87879a3f27f9101b4c265ef56b479dbe23fd41c9
- https://git.alpinelinux.org/aports/commit/?id=702b09615bb3319131fb1a8aeb19ff42bc312a29
- https://git.alpinelinux.org/aports/commit/?id=65b5dd4abceafa43b63560e421f11671eeef5940