Lucene search

K
cvelistRedhatCVELIST:CVE-2015-0244
HistoryJan 27, 2020 - 3:29 p.m.

CVE-2015-0244

2020-01-2715:29:25
redhat
www.cve.org
7
postgresql
sql injection
protocol message.

AI Score

9.7

Confidence

High

EPSS

0.005

Percentile

76.5%

PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an error, which triggers the loss of synchronization and part of the protocol message to be treated as a new message, as demonstrated by causing a timeout or query cancellation.

CNA Affected

[
  {
    "product": "PostgreSQL",
    "vendor": "PostgreSQL Global Development Group",
    "versions": [
      {
        "status": "affected",
        "version": "before 9.0.19"
      },
      {
        "status": "affected",
        "version": "9.1.x before 9.1.15"
      },
      {
        "status": "affected",
        "version": "9.2.x before 9.2.10"
      },
      {
        "status": "affected",
        "version": "9.3.x before 9.3.6"
      },
      {
        "status": "affected",
        "version": "9.4.x before 9.4.1"
      }
    ]
  }
]