F5-K000150204
First published: Mon Mar 03 2025(Updated: )
The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| =17.1.0 | 17.1.1 | |
| >=16.1.0<=16.1.5 | ||
| >=15.1.0<=15.1.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of F5-K000150204?
The severity of F5-K000150204 is considered high due to the potential for information disclosure and unspecified impacts.
How do I fix F5-K000150204?
To fix F5-K000150204, you should upgrade to the recommended versions provided by F5, specifically versions 17.1.1 or higher.
What versions are affected by F5-K000150204?
The affected versions for F5-K000150204 include various patches of PostgreSQL before 9.0.20 and certain versions of F5 BIG-IP from 15.1.0 to 15.1.10, 16.1.0 to 16.1.5, and below 17.1.1.
What are the potential impacts of F5-K000150204?
The potential impacts of F5-K000150204 include the exposure of sensitive information and other malicious exploitation using unknown vectors.
Is there a workaround for F5-K000150204?
There are currently no documented workarounds for F5-K000150204, and upgrading to a secure version is the recommended approach.
- agent/last-modified-date
- agent/references
- agent/source
- agent/severity
- agent/softwarecombine
- agent/type
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- collector/f5-advisory
- source/F5
- alias/CVE-2015-3166
- vendor/f5