CVE-2016-5423 – postgresql: CASE/WHEN with inlining can cause untrusted pointer dereference
https://notcve.org/view.php?id=CVE-2016-5423
PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain sensitive memory information, or possibly execute arbitrary code via (1) a CASE expression within the test value subexpression of another CASE or (2) inlining of an SQL function that implements the equality operator used for a CASE expression involving values of different types. PostgreSQL en versiones anteriores a 9.1.23, 9.2.x en versiones anteriores a 9.2.18, 9.3.x en versiones anteriores a 9.3.14, 9.4.x en versiones anteriores a 9.4.9 y 9.5.x en versiones anteriores a 9.5.4 permiten a usuarios remotos autenticados provocar una denegación de servicio (referencia a puntero NULL y caída del servidor), obtener información de memoria sensible, o posiblemente ejecutar código arbitrario a través de (1) una expresión CASE dentro de la subexpresión de valor de prueba de otro CASE o (2) el inicio de una función SQL que implementa el operador de igualdad utilizado para una expresión CASE que implica valores de diferentes tipos. A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code. • http://rhn.redhat.com/errata/RHSA-2016-1781.html http://rhn.redhat.com/errata/RHSA-2016-1820.html http://rhn.redhat.com/errata/RHSA-2016-1821.html http://rhn.redhat.com/errata/RHSA-2016-2606.html http://www.debian.org/security/2016/dsa-3646 http://www.securityfocus.com/bid/92433 http://www.securitytracker.com/id/1036617 https://access.redhat.com/errata/RHSA-2017:2425 https://bugzilla.redhat.com/show_bug.cgi?id=1364001 https://security.gentoo.org/glsa/201701-33 • CWE-476: NULL Pointer Dereference CWE-822: Untrusted Pointer Dereference •
CVE-2016-0773 – postgresql: case insensitive range handling integer overflow leading to buffer overflow
https://notcve.org/view.php?id=CVE-2016-0773
PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression. PostgreSQL en versiones anteriores a 9.1.20, 9.2.x en versiones anteriores a 9.2.15, 9.3.x en versiones anteriores a 9.3.11, 9.4.x en versiones anteriores a 9.4.6 y 9.5.x en versiones anteriores a 9.5.1 permite a atacantes remotos provocar una denegación de servicio (bucle infinito o desbordamiento de buffer y caída) a través de un amplio rango de caracteres Unicode en una expresión regular. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to crash or possibly execute arbitrary code. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177820.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177878.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00056.html http://lists.opensuse.org/opensuse-security-announce& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVE-2016-0766
https://notcve.org/view.php?id=CVE-2016-0766
PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings (GUCS) for PL/Java, which allows attackers to gain privileges via unspecified vectors. PostgreSQL en versiones anteriores a 9.1.20, 9.2.x en versiones anteriores a 9.2.15, 9.3.x en versiones anteriores a 9.3.11, 9.4.x en versiones anteriores a 9.4.6 y 9.5.x en versiones anteriores a 9.5.1 no restringe adecuadamente el acceso a ajustes de configuración personalizada no especificados (GUCS) para PL/Java, lo que permite a atacantes obtener privilegios a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00056.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00016.html http://www.debian.org/security/2016/dsa-3475 http://www.debian.org/security/2016/dsa-3476 http://www.postgresql.org/about • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2015-5288 – postgresql: limited memory disclosure flaw in crypt()
https://notcve.org/view.php?id=CVE-2015-5288
The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a "too-short" salt. La función crypt en contrib/pgcrypto en PostgreSQL en versiones anteriores a 9.0.23, 9.1.x en versiones anteriores a 9.1.19, 9.2.x en versiones anteriores a 9.2.14, 9.3.x en versiones anteriores a 9.3.10 y 9.4.x en versiones anteriores a 9.4.5 permite a atacantes provocar una denegación de servicio (caída del servidor) o leer la memoria del servidor arbitrariamente a través de un salt 'too-short'. A memory leak error was discovered in the crypt() function of the pgCrypto extension. An authenticated attacker could possibly use this flaw to disclose a limited amount of the server memory. • http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172316.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169094.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00016.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00033.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00040.html http://www.debian.org/security/2015/dsa-3374 http://www.debian.org/security/2016/dsa-3475 http://www.oracle.com/technetwork/top • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-3165 – postgresql: double-free after authentication timeout
https://notcve.org/view.php?id=CVE-2015-3165
Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence. Vulnerabilidad de doble liberación en PostgreSQL anterior a 9.0.20, 9.1.x anterior a 9.1.16, 9.2.x anterior a 9.2.11, 9.3.x anterior a 9.3.7, y 9.4.x anterior a 9.4.2 permite a atacantes remotos causar una denegación de servicio (caída) mediante el cierre de una sesión SSL en un momento cuando el fin de sesión de la autenticación caducará durante la secuencia del cierre de sesión. A double-free flaw was found in the way PostgreSQL handled connections. An unauthenticated attacker could possibly exploit this flaw to crash the PostgreSQL backend by disconnecting at approximately the same time as the authentication time out was triggered. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html http://rhn.redhat.com/errata/RHSA-2015-1194.html http://rhn.redhat.com/errata/RHSA-2015-1195.html http://rhn.redhat.com/errata/RHSA-2015-1196.html http://www.debian.org/security/2015/dsa-3269 http://www.debian.org/security/2015/dsa-3270 http://www.postgresql.org/about/news/1587 http://www.postgresql.org/docs/9.0/static/release-9-0-20.html http://www.postgresql.org/docs/9.1/static • CWE-416: Use After Free •