Lucene search

[email protected]NVD:CVE-2017-15098

HistoryNov 22, 2017 - 5:29 p.m.

CVE-2017-15098

2017-11-2217:29:00

CWE-200

[email protected]

web.nvd.nist.gov

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:N/A:P

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

7.6 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.2%

JSON

Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server memory.

Affected configurations

NVD

Node

postgresqlpostgresqlMatch9.3

postgresqlpostgresqlMatch9.3.1

postgresqlpostgresqlMatch9.3.2

postgresqlpostgresqlMatch9.3.3

postgresqlpostgresqlMatch9.3.4

postgresqlpostgresqlMatch9.3.5

postgresqlpostgresqlMatch9.3.6

postgresqlpostgresqlMatch9.3.7

postgresqlpostgresqlMatch9.3.8

postgresqlpostgresqlMatch9.3.9

postgresqlpostgresqlMatch9.3.10

postgresqlpostgresqlMatch9.3.11

postgresqlpostgresqlMatch9.3.12

postgresqlpostgresqlMatch9.3.13

postgresqlpostgresqlMatch9.3.14

postgresqlpostgresqlMatch9.3.15

postgresqlpostgresqlMatch9.3.16

postgresqlpostgresqlMatch9.3.17

postgresqlpostgresqlMatch9.3.18

postgresqlpostgresqlMatch9.3.19

postgresqlpostgresqlMatch9.4

postgresqlpostgresqlMatch9.4.1

postgresqlpostgresqlMatch9.4.2

postgresqlpostgresqlMatch9.4.3

postgresqlpostgresqlMatch9.4.4

postgresqlpostgresqlMatch9.4.5

postgresqlpostgresqlMatch9.4.6

postgresqlpostgresqlMatch9.4.7

postgresqlpostgresqlMatch9.4.8

postgresqlpostgresqlMatch9.4.9

postgresqlpostgresqlMatch9.4.10

postgresqlpostgresqlMatch9.4.11

postgresqlpostgresqlMatch9.4.12

postgresqlpostgresqlMatch9.4.13

postgresqlpostgresqlMatch9.4.14

postgresqlpostgresqlMatch9.5

postgresqlpostgresqlMatch9.5.1

postgresqlpostgresqlMatch9.5.2

postgresqlpostgresqlMatch9.5.3

postgresqlpostgresqlMatch9.5.4

postgresqlpostgresqlMatch9.5.5

postgresqlpostgresqlMatch9.5.6

postgresqlpostgresqlMatch9.5.7

postgresqlpostgresqlMatch9.5.8

postgresqlpostgresqlMatch9.5.9

postgresqlpostgresqlMatch9.6

postgresqlpostgresqlMatch9.6.1

postgresqlpostgresqlMatch9.6.2

postgresqlpostgresqlMatch9.6.3

postgresqlpostgresqlMatch9.6.4

postgresqlpostgresqlMatch9.6.5

postgresqlpostgresqlMatch10

Node

debiandebian_linuxMatch8.0

References

www.securityfocus.com/bid/101781

www.securitytracker.com/id/1039752

access.redhat.com/errata/RHSA-2018:2511

access.redhat.com/errata/RHSA-2018:2566

www.debian.org/security/2017/dsa-4027

www.debian.org/security/2017/dsa-4028

www.postgresql.org/about/news/1801/

www.postgresql.org/support/security/

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:N/A:P

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

7.6 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.2%

JSON

Related for NVD:CVE-2017-15098

ubuntucve1 redhatcve1 osv3 cve1 openvas10 postgresql1 veracode1 cvelist1 nessus17 debiancve1 alpinelinux1 prion1 debian2 ubuntu1 amazon2 archlinux2 freebsd1 mageia1 kaspersky1 suse1 redhat2