CVE-2015-3165
postgresql: double-free after authentication timeout
Severity Score
4.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence.
Vulnerabilidad de doble liberación en PostgreSQL anterior a 9.0.20, 9.1.x anterior a 9.1.16, 9.2.x anterior a 9.2.11, 9.3.x anterior a 9.3.7, y 9.4.x anterior a 9.4.2 permite a atacantes remotos causar una denegación de servicio (caída) mediante el cierre de una sesión SSL en un momento cuando el fin de sesión de la autenticación caducará durante la secuencia del cierre de sesión.
A double-free flaw was found in the way PostgreSQL handled connections. An unauthenticated attacker could possibly exploit this flaw to crash the PostgreSQL backend by disconnecting at approximately the same time as the authentication time out was triggered.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-04-10 CVE Reserved
- 2015-05-22 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-416: Use After Free
CAPEC
References (18)
| URL | Tag | Source |
|---|---|---|
| http://www.postgresql.org/docs/9.0/static/release-9-0-20.html | Release Notes | |
| http://www.postgresql.org/docs/9.1/static/release-9-1-16.html | Release Notes | |
| http://www.postgresql.org/docs/9.2/static/release-9-2-11.html | Release Notes | |
| http://www.postgresql.org/docs/9.3/static/release-9-3-7.html | Release Notes | |
| http://www.postgresql.org/docs/9.4/static/release-9-4-2.html | Release Notes | |
| http://www.securityfocus.com/bid/74787 | Third Party Advisory | |
| https://support.apple.com/HT205219 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html | 2018-01-05 | |
| http://rhn.redhat.com/errata/RHSA-2015-1194.html | 2018-01-05 | |
| http://rhn.redhat.com/errata/RHSA-2015-1195.html | 2018-01-05 | |
| http://rhn.redhat.com/errata/RHSA-2015-1196.html | 2018-01-05 | |
| http://www.debian.org/security/2015/dsa-3269 | 2018-01-05 | |
| http://www.debian.org/security/2015/dsa-3270 | 2018-01-05 | |
| http://www.postgresql.org/about/news/1587 | 2018-01-05 | |
| http://www.ubuntu.com/usn/USN-2621-1 | 2018-01-05 | |
| https://security.gentoo.org/glsa/201507-20 | 2018-01-05 | |
| https://access.redhat.com/security/cve/CVE-2015-3165 | 2015-06-29 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1221537 | 2015-06-29 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.10" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 15.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "15.04" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 7.0 Search vendor "Debian" for product "Debian Linux" and version "7.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Server Search vendor "Apple" for product "Mac Os X Server" | 5.0.2 Search vendor "Apple" for product "Mac Os X Server" and version "5.0.2" | - |
Affected
| ||||||
| Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | <= 9.0.19 Search vendor "Postgresql" for product "Postgresql" and version " <= 9.0.19" | - |
Affected
| ||||||
| Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.1 Search vendor "Postgresql" for product "Postgresql" and version "9.1" | - |
Affected
| ||||||
| Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.1.1 Search vendor "Postgresql" for product "Postgresql" and version "9.1.1" | - |
Affected
| ||||||
| Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.1.2 Search vendor "Postgresql" for product "Postgresql" and version "9.1.2" | - |
Affected
| ||||||
| Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.1.3 Search vendor "Postgresql" for product "Postgresql" and version "9.1.3" | - |
Affected
| ||||||
| Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.1.4 Search vendor "Postgresql" for product "Postgresql" and version "9.1.4" | - |
Affected
| ||||||
| Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.1.5 Search vendor "Postgresql" for product "Postgresql" and version "9.1.5" | - |
Affected
| ||||||
| Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.1.6 Search vendor "Postgresql" for product "Postgresql" and version "9.1.6" | - |
Affected
| ||||||
| Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.1.7 Search vendor "Postgresql" for product "Postgresql" and version "9.1.7" | - |
Affected
| ||||||
| Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.1.8 Search vendor "Postgresql" for product "Postgresql" and version "9.1.8" | - |
Affected
| ||||||
| Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.1.9 Search vendor "Postgresql" for product "Postgresql" and version "9.1.9" | - |
Affected
| ||||||
| Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.1.10 Search vendor "Postgresql" for product "Postgresql" and version "9.1.10" | - |
Affected
| ||||||
| Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.1.11 Search vendor "Postgresql" for product "Postgresql" and version "9.1.11" | - |
Affected
| ||||||
| Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.1.12 Search vendor "Postgresql" for product "Postgresql" and version "9.1.12" | - |
Affected
| ||||||
| Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.1.13 Search vendor "Postgresql" for product "Postgresql" and version "9.1.13" | - |
Affected
| ||||||
| Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.1.14 Search vendor "Postgresql" for product "Postgresql" and version "9.1.14" | - |
Affected
| ||||||
| Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.1.15 Search vendor "Postgresql" for product "Postgresql" and version "9.1.15" | - |
Affected
| ||||||
| Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.2 Search vendor "Postgresql" for product "Postgresql" and version "9.2" | - |
Affected
| ||||||
| Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.2.1 Search vendor "Postgresql" for product "Postgresql" and version "9.2.1" | - |
Affected
| ||||||
| Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.2.2 Search vendor "Postgresql" for product "Postgresql" and version "9.2.2" | - |
Affected
| ||||||
| Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.2.3 Search vendor "Postgresql" for product "Postgresql" and version "9.2.3" | - |
Affected
| ||||||
| Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.2.4 Search vendor "Postgresql" for product "Postgresql" and version "9.2.4" | - |
Affected
| ||||||
| Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.2.5 Search vendor "Postgresql" for product "Postgresql" and version "9.2.5" | - |
Affected
| ||||||
| Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.2.6 Search vendor "Postgresql" for product "Postgresql" and version "9.2.6" | - |
Affected
| ||||||
| Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.2.7 Search vendor "Postgresql" for product "Postgresql" and version "9.2.7" | - |
Affected
| ||||||
| Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.2.8 Search vendor "Postgresql" for product "Postgresql" and version "9.2.8" | - |
Affected
| ||||||
| Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.2.9 Search vendor "Postgresql" for product "Postgresql" and version "9.2.9" | - |
Affected
| ||||||
| Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.2.10 Search vendor "Postgresql" for product "Postgresql" and version "9.2.10" | - |
Affected
| ||||||
| Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.3 Search vendor "Postgresql" for product "Postgresql" and version "9.3" | - |
Affected
| ||||||
| Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.3.1 Search vendor "Postgresql" for product "Postgresql" and version "9.3.1" | - |
Affected
| ||||||
| Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.3.2 Search vendor "Postgresql" for product "Postgresql" and version "9.3.2" | - |
Affected
| ||||||
| Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.3.3 Search vendor "Postgresql" for product "Postgresql" and version "9.3.3" | - |
Affected
| ||||||
| Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.3.4 Search vendor "Postgresql" for product "Postgresql" and version "9.3.4" | - |
Affected
| ||||||
| Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.3.5 Search vendor "Postgresql" for product "Postgresql" and version "9.3.5" | - |
Affected
| ||||||
| Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.3.6 Search vendor "Postgresql" for product "Postgresql" and version "9.3.6" | - |
Affected
| ||||||
| Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.4.0 Search vendor "Postgresql" for product "Postgresql" and version "9.4.0" | - |
Affected
| ||||||
| Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.4.1 Search vendor "Postgresql" for product "Postgresql" and version "9.4.1" | - |
Affected
| ||||||