What is CVE-2015-0242?

CVE-2015-0242 refers to a stack-based buffer overflow vulnerability in the *printf function implementations in PostgreSQL before version 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 when running on a Windows system.

How does CVE-2015-0242 impact PostgreSQL?

CVE-2015-0242 allows remote authenticated users to cause a denial of service (crash) and potentially execute arbitrary code by exploiting the vulnerability in the *printf function implementations.

What is the severity of CVE-2015-0242?

CVE-2015-0242 has a severity rating of 8.8 (high).

How can I fix CVE-2015-0242 in PostgreSQL?

To fix CVE-2015-0242 in PostgreSQL, it is recommended to upgrade to version 9.0.19, 9.1.15, 9.2.10, 9.3.6, or 9.4.1, depending on the version you are currently using.

Where can I find more information about CVE-2015-0242?

You can find more information about CVE-2015-0242 in the following references: [1] http://www.debian.org/security/2015/dsa-3155 [2] http://www.postgresql.org/about/news/1569/ [3] http://www.postgresql.org/docs/9.4/static/release-9-4-1.html

Vulnerability/
CVE-2015-0242

high

8.8

CWE

787 119

27/1/2020

31/1/2020

CVE-2015-0242: Buffer Overflow

First published: Mon Jan 27 2020(Updated: )

Stack-based buffer overflow in the *printf function implementations in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1, when running on a Windows system, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a floating point number with a large precision, as demonstrated by using the to_char function.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
PostgreSQL PostgreSQL	<9.0.19
PostgreSQL PostgreSQL	>=9.1.0<9.1.15
PostgreSQL PostgreSQL	>=9.2.0<9.2.10
PostgreSQL PostgreSQL	>=9.3.0<9.3.6
PostgreSQL PostgreSQL	>=9.4.0<9.4.1
Microsoft Windows
Debian Debian Linux	=7.0
Debian Debian Linux	=8.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2015-0242?
CVE-2015-0242 refers to a stack-based buffer overflow vulnerability in the *printf function implementations in PostgreSQL before version 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 when running on a Windows system.
How does CVE-2015-0242 impact PostgreSQL?
CVE-2015-0242 allows remote authenticated users to cause a denial of service (crash) and potentially execute arbitrary code by exploiting the vulnerability in the *printf function implementations.
What is the severity of CVE-2015-0242?
CVE-2015-0242 has a severity rating of 8.8 (high).
How can I fix CVE-2015-0242 in PostgreSQL?
To fix CVE-2015-0242 in PostgreSQL, it is recommended to upgrade to version 9.0.19, 9.1.15, 9.2.10, 9.3.6, or 9.4.1, depending on the version you are currently using.
Where can I find more information about CVE-2015-0242?
You can find more information about CVE-2015-0242 in the following references: [1] http://www.debian.org/security/2015/dsa-3155 [2] http://www.postgresql.org/about/news/1569/ [3] http://www.postgresql.org/docs/9.4/static/release-9-4-1.html

agent/references
agent/weakness
agent/severity
agent/author
agent/type
agent/event
agent/description
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/postgresql
canonical/postgresql postgresql
version/postgresql postgresql/9.1.0
version/postgresql postgresql/9.2.0
version/postgresql postgresql/9.3.0
version/postgresql postgresql/9.4.0
vendor/microsoft
canonical/microsoft windows
vendor/debian
canonical/debian debian linux
version/debian debian linux/7.0
version/debian debian linux/8.0