4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
4.8 Medium
AI Score
Confidence
Low
0.046 Low
EPSS
Percentile
92.6%
The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors.
archives.neohapsis.com/archives/bugtraq/2014-10/0103.html
kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
lists.opensuse.org/opensuse-updates/2014-03/msg00018.html
lists.opensuse.org/opensuse-updates/2014-03/msg00038.html
rhn.redhat.com/errata/RHSA-2014-0211.html
rhn.redhat.com/errata/RHSA-2014-0221.html
rhn.redhat.com/errata/RHSA-2014-0249.html
rhn.redhat.com/errata/RHSA-2014-0469.html
support.apple.com/kb/HT6448
wiki.postgresql.org/wiki/20140220securityrelease
www.debian.org/security/2014/dsa-2864
www.debian.org/security/2014/dsa-2865
www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
www.postgresql.org/about/news/1506/
www.ubuntu.com/usn/USN-2120-1
support.apple.com/kb/HT6536