CVE-2015-0243 – postgresql: buffer overflow flaws in contrib/pgcrypto

https://notcve.org/view.php?id=CVE-2015-0243

Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. Múltiples desbordamientos del búfer en contrib/pgcrypto en PostgreSQL versiones anteriores a 9.0.19, versiones 9.1.x anteriores a 9.1.15, versiones 9.2.x anteriores a 9.2.10, versiones 9.3.x anteriores a 9.3.6 y versiones 9.4.x anteriores a 9.4.1, permiten usuarios autenticados remotos causar una denegación de servicio (bloqueo) y posiblemente ejecutar código arbitrario por medio de vectores no especificados. A stack-buffer overflow flaw was found in PostgreSQL's pgcrypto module. An authenticated database user could use this flaw to cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. • http://www.debian.org/security/2015/dsa-3155 http://www.postgresql.org/about/news/1569 http://www.postgresql.org/docs/9.4/static/release-9-4-1.html http://www.postgresql.org/docs/current/static/release-9-0-19.html http://www.postgresql.org/docs/current/static/release-9-1-15.html http://www.postgresql.org/docs/current/static/release-9-2-10.html http://www.postgresql.org/docs/current/static/release-9-3-6.html https://access.redhat.com/security/cve/CVE-2015& • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow •