CVE-2015-5289

PostgreSQL < 9.3.10 - Denial of Service via JSON Parsing Stack Overflow

Title source: llm
STIX 2.1

Description

Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values.

References (14)

Core 14
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/77048
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00016.html
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2772-1
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201701-33
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172316.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2015-11/msg00033.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169094.html
Vendor Advisory x_refsource_confirm
http://www.postgresql.org/about/news/1615/
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3374
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1033775

Scores

EPSS 0.0657
EPSS Percentile 91.3%

Details

CWE
CWE-119
Status published
Products (6)
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 15.04
debian/debian_linux 8.0
debian/debian_linux 9.0
postgresql/postgresql 9.3.0 - 9.3.10
Published Oct 26, 2015
Tracked Since Feb 18, 2026