Lucene search

[email protected]NVD:CVE-2015-3165

HistoryMay 28, 2015 - 2:59 p.m.

CVE-2015-3165

2015-05-2814:59:06

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

9.3 High

AI Score

Confidence

High

0.085 Low

EPSS

Percentile

94.5%

JSON

Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence.

Affected configurations

NVD

Node

canonicalubuntu_linuxMatch12.04lts

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch14.10

canonicalubuntu_linuxMatch15.04

debiandebian_linuxMatch7.0

debiandebian_linuxMatch8.0

Node

applemac_os_x_serverMatch5.0.2

Node

postgresqlpostgresqlRange≤9.0.19

postgresqlpostgresqlMatch9.1

postgresqlpostgresqlMatch9.1.1

postgresqlpostgresqlMatch9.1.2

postgresqlpostgresqlMatch9.1.3

postgresqlpostgresqlMatch9.1.4

postgresqlpostgresqlMatch9.1.5

postgresqlpostgresqlMatch9.1.6

postgresqlpostgresqlMatch9.1.7

postgresqlpostgresqlMatch9.1.8

postgresqlpostgresqlMatch9.1.9

postgresqlpostgresqlMatch9.1.10

postgresqlpostgresqlMatch9.1.11

postgresqlpostgresqlMatch9.1.12

postgresqlpostgresqlMatch9.1.13

postgresqlpostgresqlMatch9.1.14

postgresqlpostgresqlMatch9.1.15

postgresqlpostgresqlMatch9.2

postgresqlpostgresqlMatch9.2.1

postgresqlpostgresqlMatch9.2.2

postgresqlpostgresqlMatch9.2.3

postgresqlpostgresqlMatch9.2.4

postgresqlpostgresqlMatch9.2.5

postgresqlpostgresqlMatch9.2.6

postgresqlpostgresqlMatch9.2.7

postgresqlpostgresqlMatch9.2.8

postgresqlpostgresqlMatch9.2.9

postgresqlpostgresqlMatch9.2.10

postgresqlpostgresqlMatch9.3

postgresqlpostgresqlMatch9.3.1

postgresqlpostgresqlMatch9.3.2

postgresqlpostgresqlMatch9.3.3

postgresqlpostgresqlMatch9.3.4

postgresqlpostgresqlMatch9.3.5

postgresqlpostgresqlMatch9.3.6

postgresqlpostgresqlMatch9.4.0

postgresqlpostgresqlMatch9.4.1

References

lists.apple.com/archives/security-announce/2015/Sep/msg00004.html

rhn.redhat.com/errata/RHSA-2015-1194.html

rhn.redhat.com/errata/RHSA-2015-1195.html

rhn.redhat.com/errata/RHSA-2015-1196.html

www.debian.org/security/2015/dsa-3269

www.debian.org/security/2015/dsa-3270

www.postgresql.org/about/news/1587/

www.postgresql.org/docs/9.0/static/release-9-0-20.html

www.postgresql.org/docs/9.1/static/release-9-1-16.html

www.postgresql.org/docs/9.2/static/release-9-2-11.html

www.postgresql.org/docs/9.3/static/release-9-3-7.html

www.postgresql.org/docs/9.4/static/release-9-4-2.html

www.securityfocus.com/bid/74787

www.ubuntu.com/usn/USN-2621-1

security.gentoo.org/glsa/201507-20

support.apple.com/HT205219

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

9.3 High

AI Score

Confidence

High

0.085 Low

EPSS

Percentile

94.5%

JSON

Related for NVD:CVE-2015-3165

amazon3 ubuntucve1 kaspersky1 veracode1 nessus19 openvas19 cvelist1 postgresql1 cve1 prion1 securityvulns2 debian7 mageia1 redhat3 ubuntu1 archlinux1 centos1 osv4 oraclelinux1 freebsd1 gentoo1