6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
8.3 High
AI Score
Confidence
High
0.028 Low
EPSS
Percentile
90.7%
Josh Kupershmidt discovered the pgCrypto extension could expose
several bytes of server memory if the crypt() function was provided a
too-short salt. An attacker could use this flaw to read private data.
(CVE-2015-5288)
Oskari Saarenmaa discovered that the json and jsonb handlers could exhaust
available stack space. An attacker could use this flaw to perform a denial
of service attack. This issue only affected Ubuntu 14.04 LTS and Ubuntu
15.04. (CVE-2015-5289)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 15.04 | noarch | postgresql-9.4 | < 9.4.5-0ubuntu0.15.04 | UNKNOWN |
Ubuntu | 15.04 | noarch | libecpg-compat3 | < 9.4.5-0ubuntu0.15.04 | UNKNOWN |
Ubuntu | 15.04 | noarch | libecpg-compat3-dbgsym | < 9.4.5-0ubuntu0.15.04 | UNKNOWN |
Ubuntu | 15.04 | noarch | libecpg-dev | < 9.4.5-0ubuntu0.15.04 | UNKNOWN |
Ubuntu | 15.04 | noarch | libecpg-dev-dbgsym | < 9.4.5-0ubuntu0.15.04 | UNKNOWN |
Ubuntu | 15.04 | noarch | libecpg6 | < 9.4.5-0ubuntu0.15.04 | UNKNOWN |
Ubuntu | 15.04 | noarch | libecpg6-dbgsym | < 9.4.5-0ubuntu0.15.04 | UNKNOWN |
Ubuntu | 15.04 | noarch | libpgtypes3 | < 9.4.5-0ubuntu0.15.04 | UNKNOWN |
Ubuntu | 15.04 | noarch | libpgtypes3-dbgsym | < 9.4.5-0ubuntu0.15.04 | UNKNOWN |
Ubuntu | 15.04 | noarch | libpq-dev | < 9.4.5-0ubuntu0.15.04 | UNKNOWN |