CVE-2015-3165
MEDIUM severity · CVSS 4.3
Summary
Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence.
Impact & exploitability
Attack vector: Network
Attack complexity: —
Privileges required: —
User interaction: —
Confidentiality impact: None
Integrity impact: None
Availability impact: —
Exploit probability (EPSS): 8%
AV:N/AC:M/Au:N/C:N/I:N/A:P
Affected products we track (3)
Recommendation
Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.
Additional information
- NVD record
- http://www.postgresql.org/about/news/1587/ (Advisory)
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html (Advisory)
- http://rhn.redhat.com/errata/RHSA-2015-1194.html
- http://rhn.redhat.com/errata/RHSA-2015-1195.html
- http://rhn.redhat.com/errata/RHSA-2015-1196.html
- http://www.debian.org/security/2015/dsa-3269 (Advisory)
- http://www.debian.org/security/2015/dsa-3270 (Advisory)
- http://www.postgresql.org/docs/9.0/static/release-9-0-20.html