A stack-buffer overflow flaw was found in PostgreSQL's pgcrypto module. An authenticated database user could use this flaw to cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | postgresql8 | 2015-04-15 21:47 | ALAS-2015-503 |
Amazon Linux 1 | postgresql92 | 2015-03-13 02:37 | ALAS-2015-492 |
Amazon Linux 1 | postgresql93 | 2015-02-25 20:34 | ALAS-2015-485 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv2 | 6.0 | AV:N/AC:M/Au:S/C:P/I:P/A:P |
NVD | CVSSv2 | 6.5 | AV:N/AC:L/Au:S/C:P/I:P/A:P |
NVD | CVSSv3 | 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |