Lucene search

K
cvelistRedhatCVELIST:CVE-2015-0242
HistoryJan 27, 2020 - 3:29 p.m.

CVE-2015-0242

2020-01-2715:29:33
redhat
www.cve.org
8

AI Score

9.3

Confidence

High

EPSS

0.003

Percentile

70.4%

Stack-based buffer overflow in the *printf function implementations in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1, when running on a Windows system, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a floating point number with a large precision, as demonstrated by using the to_char function.

CNA Affected

[
  {
    "product": "PostgreSQL",
    "vendor": "PostgreSQL Global Development Group",
    "versions": [
      {
        "status": "affected",
        "version": "before 9.0.19"
      },
      {
        "status": "affected",
        "version": "9.1.x before 9.1.15"
      },
      {
        "status": "affected",
        "version": "9.2.x before 9.2.10"
      },
      {
        "status": "affected",
        "version": "9.3.x before 9.3.6"
      },
      {
        "status": "affected",
        "version": "9.4.x before 9.4.1"
      }
    ]
  }
]

AI Score

9.3

Confidence

High

EPSS

0.003

Percentile

70.4%