Veracode Vulnerability DatabaseVERACODE:18761Denial Of Service (DoS)
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
PostgreSQL is vulnerable to denial of service(DoS) attacks. A remote authenticated user could exploit an access control flaw in the lo_put() function to change the data in a large object and cause denial of service conditions which leads application to a crash.
References
www.debian.org/security/2017/dsa-3935
www.debian.org/security/2017/dsa-3936
www.securityfocus.com/bid/100276
www.securitytracker.com/id/1039142
access.redhat.com/errata/RHSA-2017:2677
access.redhat.com/errata/RHSA-2017:2678
access.redhat.com/security/updates/classification/#moderate
security.gentoo.org/glsa/201710-06
www.postgresql.org/about/news/1772/
www.postgresql.org/docs/current/static/release-9-4-13.html
www.postgresql.org/docs/current/static/release-9-4-14.html
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N