CVE-2015-3165
postgresql: double-free after authentication timeout
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence.
Vulnerabilidad de doble liberación en PostgreSQL anterior a 9.0.20, 9.1.x anterior a 9.1.16, 9.2.x anterior a 9.2.11, 9.3.x anterior a 9.3.7, y 9.4.x anterior a 9.4.2 permite a atacantes remotos causar una denegación de servicio (caída) mediante el cierre de una sesión SSL en un momento cuando el fin de sesión de la autenticación caducará durante la secuencia del cierre de sesión.
A double-free flaw was found in the way PostgreSQL handled connections. An unauthenticated attacker could possibly exploit this flaw to crash the PostgreSQL backend by disconnecting at approximately the same time as the authentication time out was triggered.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-04-10 CVE Reserved
- 2015-05-22 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-416: Use After Free
CAPEC
References (18)
URL | Tag | Source |
---|---|---|
http://www.postgresql.org/docs/9.0/static/release-9-0-20.html | Release Notes | |
http://www.postgresql.org/docs/9.1/static/release-9-1-16.html | Release Notes | |
http://www.postgresql.org/docs/9.2/static/release-9-2-11.html | Release Notes | |
http://www.postgresql.org/docs/9.3/static/release-9-3-7.html | Release Notes | |
http://www.postgresql.org/docs/9.4/static/release-9-4-2.html | Release Notes | |
http://www.securityfocus.com/bid/74787 | Third Party Advisory | |
https://support.apple.com/HT205219 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html | 2018-01-05 | |
http://rhn.redhat.com/errata/RHSA-2015-1194.html | 2018-01-05 | |
http://rhn.redhat.com/errata/RHSA-2015-1195.html | 2018-01-05 | |
http://rhn.redhat.com/errata/RHSA-2015-1196.html | 2018-01-05 | |
http://www.debian.org/security/2015/dsa-3269 | 2018-01-05 | |
http://www.debian.org/security/2015/dsa-3270 | 2018-01-05 | |
http://www.postgresql.org/about/news/1587 | 2018-01-05 | |
http://www.ubuntu.com/usn/USN-2621-1 | 2018-01-05 | |
https://security.gentoo.org/glsa/201507-20 | 2018-01-05 | |
https://access.redhat.com/security/cve/CVE-2015-3165 | 2015-06-29 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1221537 | 2015-06-29 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | lts |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.10" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 15.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "15.04" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 7.0 Search vendor "Debian" for product "Debian Linux" and version "7.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
Apple Search vendor "Apple" | Mac Os X Server Search vendor "Apple" for product "Mac Os X Server" | 5.0.2 Search vendor "Apple" for product "Mac Os X Server" and version "5.0.2" | - |
Affected
| ||||||
Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | <= 9.0.19 Search vendor "Postgresql" for product "Postgresql" and version " <= 9.0.19" | - |
Affected
| ||||||
Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.1 Search vendor "Postgresql" for product "Postgresql" and version "9.1" | - |
Affected
| ||||||
Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.1.1 Search vendor "Postgresql" for product "Postgresql" and version "9.1.1" | - |
Affected
| ||||||
Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.1.2 Search vendor "Postgresql" for product "Postgresql" and version "9.1.2" | - |
Affected
| ||||||
Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.1.3 Search vendor "Postgresql" for product "Postgresql" and version "9.1.3" | - |
Affected
| ||||||
Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.1.4 Search vendor "Postgresql" for product "Postgresql" and version "9.1.4" | - |
Affected
| ||||||
Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.1.5 Search vendor "Postgresql" for product "Postgresql" and version "9.1.5" | - |
Affected
| ||||||
Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.1.6 Search vendor "Postgresql" for product "Postgresql" and version "9.1.6" | - |
Affected
| ||||||
Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.1.7 Search vendor "Postgresql" for product "Postgresql" and version "9.1.7" | - |
Affected
| ||||||
Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.1.8 Search vendor "Postgresql" for product "Postgresql" and version "9.1.8" | - |
Affected
| ||||||
Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.1.9 Search vendor "Postgresql" for product "Postgresql" and version "9.1.9" | - |
Affected
| ||||||
Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.1.10 Search vendor "Postgresql" for product "Postgresql" and version "9.1.10" | - |
Affected
| ||||||
Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.1.11 Search vendor "Postgresql" for product "Postgresql" and version "9.1.11" | - |
Affected
| ||||||
Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.1.12 Search vendor "Postgresql" for product "Postgresql" and version "9.1.12" | - |
Affected
| ||||||
Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.1.13 Search vendor "Postgresql" for product "Postgresql" and version "9.1.13" | - |
Affected
| ||||||
Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.1.14 Search vendor "Postgresql" for product "Postgresql" and version "9.1.14" | - |
Affected
| ||||||
Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.1.15 Search vendor "Postgresql" for product "Postgresql" and version "9.1.15" | - |
Affected
| ||||||
Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.2 Search vendor "Postgresql" for product "Postgresql" and version "9.2" | - |
Affected
| ||||||
Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.2.1 Search vendor "Postgresql" for product "Postgresql" and version "9.2.1" | - |
Affected
| ||||||
Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.2.2 Search vendor "Postgresql" for product "Postgresql" and version "9.2.2" | - |
Affected
| ||||||
Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.2.3 Search vendor "Postgresql" for product "Postgresql" and version "9.2.3" | - |
Affected
| ||||||
Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.2.4 Search vendor "Postgresql" for product "Postgresql" and version "9.2.4" | - |
Affected
| ||||||
Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.2.5 Search vendor "Postgresql" for product "Postgresql" and version "9.2.5" | - |
Affected
| ||||||
Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.2.6 Search vendor "Postgresql" for product "Postgresql" and version "9.2.6" | - |
Affected
| ||||||
Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.2.7 Search vendor "Postgresql" for product "Postgresql" and version "9.2.7" | - |
Affected
| ||||||
Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.2.8 Search vendor "Postgresql" for product "Postgresql" and version "9.2.8" | - |
Affected
| ||||||
Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.2.9 Search vendor "Postgresql" for product "Postgresql" and version "9.2.9" | - |
Affected
| ||||||
Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.2.10 Search vendor "Postgresql" for product "Postgresql" and version "9.2.10" | - |
Affected
| ||||||
Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.3 Search vendor "Postgresql" for product "Postgresql" and version "9.3" | - |
Affected
| ||||||
Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.3.1 Search vendor "Postgresql" for product "Postgresql" and version "9.3.1" | - |
Affected
| ||||||
Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.3.2 Search vendor "Postgresql" for product "Postgresql" and version "9.3.2" | - |
Affected
| ||||||
Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.3.3 Search vendor "Postgresql" for product "Postgresql" and version "9.3.3" | - |
Affected
| ||||||
Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.3.4 Search vendor "Postgresql" for product "Postgresql" and version "9.3.4" | - |
Affected
| ||||||
Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.3.5 Search vendor "Postgresql" for product "Postgresql" and version "9.3.5" | - |
Affected
| ||||||
Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.3.6 Search vendor "Postgresql" for product "Postgresql" and version "9.3.6" | - |
Affected
| ||||||
Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.4.0 Search vendor "Postgresql" for product "Postgresql" and version "9.4.0" | - |
Affected
| ||||||
Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 9.4.1 Search vendor "Postgresql" for product "Postgresql" and version "9.4.1" | - |
Affected
|