Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-3165

Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence.

Published

2015-05-28T14:59:06.283

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	canonical	ubuntu_linux	12.04	Yes
Operating System	canonical	ubuntu_linux	14.04	Yes
Operating System	canonical	ubuntu_linux	14.10	Yes
Operating System	canonical	ubuntu_linux	15.04	Yes
Operating System	debian	debian_linux	7.0	Yes
Operating System	debian	debian_linux	8.0	Yes
Operating System	apple	mac_os_x_server	5.0.2	Yes
Application	postgresql	postgresql	≤ 9.0.19	Yes
Application	postgresql	postgresql	9.1	Yes
Application	postgresql	postgresql	9.1.1	Yes
Application	postgresql	postgresql	9.1.2	Yes
Application	postgresql	postgresql	9.1.3	Yes
Application	postgresql	postgresql	9.1.4	Yes
Application	postgresql	postgresql	9.1.5	Yes
Application	postgresql	postgresql	9.1.6	Yes
Application	postgresql	postgresql	9.1.7	Yes
Application	postgresql	postgresql	9.1.8	Yes
Application	postgresql	postgresql	9.1.9	Yes
Application	postgresql	postgresql	9.1.10	Yes
Application	postgresql	postgresql	9.1.11	Yes
Application	postgresql	postgresql	9.1.12	Yes
Application	postgresql	postgresql	9.1.13	Yes
Application	postgresql	postgresql	9.1.14	Yes
Application	postgresql	postgresql	9.1.15	Yes
Application	postgresql	postgresql	9.2	Yes
Application	postgresql	postgresql	9.2.1	Yes
Application	postgresql	postgresql	9.2.2	Yes
Application	postgresql	postgresql	9.2.3	Yes
Application	postgresql	postgresql	9.2.4	Yes
Application	postgresql	postgresql	9.2.5	Yes
Application	postgresql	postgresql	9.2.6	Yes
Application	postgresql	postgresql	9.2.7	Yes
Application	postgresql	postgresql	9.2.8	Yes
Application	postgresql	postgresql	9.2.9	Yes
Application	postgresql	postgresql	9.2.10	Yes
Application	postgresql	postgresql	9.3	Yes
Application	postgresql	postgresql	9.3.1	Yes
Application	postgresql	postgresql	9.3.2	Yes
Application	postgresql	postgresql	9.3.3	Yes
Application	postgresql	postgresql	9.3.4	Yes
Application	postgresql	postgresql	9.3.5	Yes
Application	postgresql	postgresql	9.3.6	Yes
Application	postgresql	postgresql	9.4.0	Yes
Application	postgresql	postgresql	9.4.1	Yes

References

http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html Mailing List, Third Party Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2015-1194.html ([email protected])
http://rhn.redhat.com/errata/RHSA-2015-1195.html ([email protected])
http://rhn.redhat.com/errata/RHSA-2015-1196.html ([email protected])
http://www.debian.org/security/2015/dsa-3269 Third Party Advisory ([email protected])
http://www.debian.org/security/2015/dsa-3270 Third Party Advisory ([email protected])
http://www.postgresql.org/about/news/1587/ Vendor Advisory ([email protected])
http://www.postgresql.org/docs/9.0/static/release-9-0-20.html Release Notes ([email protected])
http://www.postgresql.org/docs/9.1/static/release-9-1-16.html Release Notes ([email protected])
http://www.postgresql.org/docs/9.2/static/release-9-2-11.html Release Notes ([email protected])
http://www.postgresql.org/docs/9.3/static/release-9-3-7.html Release Notes ([email protected])
http://www.postgresql.org/docs/9.4/static/release-9-4-2.html Release Notes ([email protected])
http://www.securityfocus.com/bid/74787 Third Party Advisory, VDB Entry ([email protected])
http://www.ubuntu.com/usn/USN-2621-1 Vendor Advisory ([email protected])
https://security.gentoo.org/glsa/201507-20 ([email protected])
https://support.apple.com/HT205219 Third Party Advisory ([email protected])
http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2015-1194.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2015-1195.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2015-1196.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2015/dsa-3269 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2015/dsa-3270 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.postgresql.org/about/news/1587/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.postgresql.org/docs/9.0/static/release-9-0-20.html Release Notes (af854a3a-2127-422b-91ae-364da2661108)
http://www.postgresql.org/docs/9.1/static/release-9-1-16.html Release Notes (af854a3a-2127-422b-91ae-364da2661108)
http://www.postgresql.org/docs/9.2/static/release-9-2-11.html Release Notes (af854a3a-2127-422b-91ae-364da2661108)
http://www.postgresql.org/docs/9.3/static/release-9-3-7.html Release Notes (af854a3a-2127-422b-91ae-364da2661108)
http://www.postgresql.org/docs/9.4/static/release-9-4-2.html Release Notes (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/74787 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-2621-1 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201507-20 (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/HT205219 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)