CVE-2015-3166

2019-11-2020:50:16

redhat

www.cve.org

9.3 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

83.1%

JSON

The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error.

CNA Affected

[
  {
    "product": "PostgreSQL",
    "vendor": "PostgreSQL Global Development Group",
    "versions": [
      {
        "status": "affected",
        "version": "before 9.0.20"
      },
      {
        "status": "affected",
        "version": "9.1.x before 9.1.16"
      },
      {
        "status": "affected",
        "version": "9.2.x before 9.2.11"
      },
      {
        "status": "affected",
        "version": "9.3.x before 9.3.7"
      },
      {
        "status": "affected",
        "version": "and 9.4.x before 9.4.2"
      }
    ]
  }
]