CVE-2015-0244: SQL Injection
First published: Mon Jan 27 2020(Updated: )
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an error, which triggers the loss of synchronization and part of the protocol message to be treated as a new message, as demonstrated by causing a timeout or query cancellation.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PostgreSQL PostgreSQL | <9.0.19 | |
| PostgreSQL PostgreSQL | >=9.1.0<9.1.15 | |
| PostgreSQL PostgreSQL | >=9.2.0<9.2.10 | |
| PostgreSQL PostgreSQL | >=9.3.0<9.3.6 | |
| PostgreSQL PostgreSQL | >=9.4.0<9.4.1 | |
| Debian Debian Linux | =7.0 | |
| Debian Debian Linux | =8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.debian.org/security/2015/dsa-3155
- http://www.postgresql.org/about/news/1569/
- http://www.postgresql.org/docs/9.4/static/release-9-4-1.html
- http://www.postgresql.org/docs/current/static/release-9-0-19.html
- http://www.postgresql.org/docs/current/static/release-9-1-15.html
- http://www.postgresql.org/docs/current/static/release-9-2-10.html
- http://www.postgresql.org/docs/current/static/release-9-3-6.html
Frequently Asked Questions
What is the severity of CVE-2015-0244?
The severity of CVE-2015-0244 is critical with a severity value of 9.8.
How does CVE-2015-0244 affect PostgreSQL?
CVE-2015-0244 affects PostgreSQL versions before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1.
What is SQL injection?
SQL injection is a type of security vulnerability that allows attackers to inject malicious SQL statements into an application's database, potentially gaining unauthorized access or manipulating data.
How can I fix the vulnerability in PostgreSQL?
To fix the vulnerability in PostgreSQL, upgrade to version 9.0.19 or later for PostgreSQL 9.0.x, upgrade to version 9.1.15 or later for PostgreSQL 9.1.x, upgrade to version 9.2.10 or later for PostgreSQL 9.2.x, upgrade to version 9.3.6 or later for PostgreSQL 9.3.x, and upgrade to version 9.4.1 or later for PostgreSQL 9.4.x.
Where can I find more information about CVE-2015-0244?
You can find more information about CVE-2015-0244 at the following references: [http://www.debian.org/security/2015/dsa-3155](http://www.debian.org/security/2015/dsa-3155), [http://www.postgresql.org/about/news/1569/](http://www.postgresql.org/about/news/1569/), [http://www.postgresql.org/docs/9.4/static/release-9-4-1.html](http://www.postgresql.org/docs/9.4/static/release-9-4-1.html).
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/postgresql
- canonical/postgresql postgresql
- version/postgresql postgresql/9.1.0
- version/postgresql postgresql/9.2.0
- version/postgresql postgresql/9.3.0
- version/postgresql postgresql/9.4.0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/7.0
- version/debian debian linux/8.0