CVE-2017-15098

high

Description

Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server memory.

References

https://www.postgresql.org/support/security/

https://www.postgresql.org/about/news/1801/

https://www.debian.org/security/2017/dsa-4028

https://www.debian.org/security/2017/dsa-4027

https://access.redhat.com/errata/RHSA-2018:2566

https://access.redhat.com/errata/RHSA-2018:2511

http://www.securitytracker.com/id/1039752

http://www.securityfocus.com/bid/101781

Details

Source: Mitre, NVD

Published: 2017-11-22

Updated: 2018-08-28

Risk Information

CVSS v2

Base Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Severity: High