Unrated severityNVD Advisory· Published Nov 20, 2019· Updated Aug 6, 2024
CVE-2015-3166
CVE-2015-3166
Description
The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
12>=9.0 <9.0.20, >=9.1 <9.1.16, >=9.2 <9.2.11, >=9.3 <9.3.7, >=9.4 <9.4.2+ 1 more
- (no CPE)range: >=9.0 <9.0.20, >=9.1 <9.1.16, >=9.2 <9.2.11, >=9.3 <9.3.7, >=9.4 <9.4.2
- (no CPE)range: before 9.0.20
- osv-coords10 versionspkg:rpm/opensuse/postgresql93&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/postgresql94&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/postgresql95&distro=openSUSE%20Tumbleweedpkg:rpm/suse/postgresql93&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/postgresql93&distro=SUSE%20Linux%20Enterprise%20Server%2012pkg:rpm/suse/postgresql93&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012pkg:rpm/suse/postgresql93-libs&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/postgresql93-libs&distro=SUSE%20Linux%20Enterprise%20Server%2012pkg:rpm/suse/postgresql93-libs&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012pkg:rpm/suse/postgresql93-libs&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012
< 9.3.15-1.1+ 9 more
- (no CPE)range: < 9.3.15-1.1
- (no CPE)range: < 9.4.10-1.1
- (no CPE)range: < 9.5.4-1.2
- (no CPE)range: < 9.3.8-8.1
- (no CPE)range: < 9.3.8-8.1
- (no CPE)range: < 9.3.8-8.1
- (no CPE)range: < 9.3.8-8.1
- (no CPE)range: < 9.3.8-8.1
- (no CPE)range: < 9.3.8-8.1
- (no CPE)range: < 9.3.8-8.1
Patches
Vulnerability mechanics
References
9- ubuntu.com/usn/usn-2621-1mitrex_refsource_MISC
- www.debian.org/security/2015/dsa-3269mitrex_refsource_MISC
- www.debian.org/security/2015/dsa-3270mitrex_refsource_MISC
- www.postgresql.org/about/news/1587/mitrex_refsource_MISC
- www.postgresql.org/docs/9.0/static/release-9-0-20.htmlmitrex_refsource_MISC
- www.postgresql.org/docs/9.1/static/release-9-1-16.htmlmitrex_refsource_MISC
- www.postgresql.org/docs/9.2/static/release-9-2-11.htmlmitrex_refsource_MISC
- www.postgresql.org/docs/9.3/static/release-9-3-7.htmlmitrex_refsource_MISC
- www.postgresql.org/docs/9.4/static/release-9-4-2.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.