CVE-2015-3165
CVE-2015-3165 is a vulnerability of currently unknown severity. Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence. EPSS estimates an 8.57% chance of exploitation in the next 30 days.
Description
Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Canonical | Ubuntu Linux | 12.04 |
| Canonical | Ubuntu Linux | 14.04 |
| Canonical | Ubuntu Linux | 14.10 |
| Canonical | Ubuntu Linux | 15.04 |
| Debian | Debian Linux | 7.0 |
| Debian | Debian Linux | 8.0 |
| Apple | Mac OS X Server | 5.0.2 |
| PostgreSQL | PostgreSQL | <= 9.0.19 |
| PostgreSQL | PostgreSQL | 9.1 |
| PostgreSQL | PostgreSQL | 9.1.1 |
| PostgreSQL | PostgreSQL | 9.1.2 |
| PostgreSQL | PostgreSQL | 9.1.3 |
| PostgreSQL | PostgreSQL | 9.1.4 |
| PostgreSQL | PostgreSQL | 9.1.5 |
| PostgreSQL | PostgreSQL | 9.1.6 |
| PostgreSQL | PostgreSQL | 9.1.7 |
| PostgreSQL | PostgreSQL | 9.1.8 |
| PostgreSQL | PostgreSQL | 9.1.9 |
| PostgreSQL | PostgreSQL | 9.1.10 |
| PostgreSQL | PostgreSQL | 9.1.11 |
| PostgreSQL | PostgreSQL | 9.1.12 |
| PostgreSQL | PostgreSQL | 9.1.13 |
| PostgreSQL | PostgreSQL | 9.1.14 |
| PostgreSQL | PostgreSQL | 9.1.15 |
| PostgreSQL | PostgreSQL | 9.2 |
| PostgreSQL | PostgreSQL | 9.2.1 |
| PostgreSQL | PostgreSQL | 9.2.2 |
| PostgreSQL | PostgreSQL | 9.2.3 |
| PostgreSQL | PostgreSQL | 9.2.4 |
| PostgreSQL | PostgreSQL | 9.2.5 |
| PostgreSQL | PostgreSQL | 9.2.6 |
| PostgreSQL | PostgreSQL | 9.2.7 |
| PostgreSQL | PostgreSQL | 9.2.8 |
| PostgreSQL | PostgreSQL | 9.2.9 |
| PostgreSQL | PostgreSQL | 9.2.10 |
| PostgreSQL | PostgreSQL | 9.3 |
| PostgreSQL | PostgreSQL | 9.3.1 |
| PostgreSQL | PostgreSQL | 9.3.2 |
| PostgreSQL | PostgreSQL | 9.3.3 |
| PostgreSQL | PostgreSQL | 9.3.4 |
| PostgreSQL | PostgreSQL | 9.3.5 |
| PostgreSQL | PostgreSQL | 9.3.6 |
| PostgreSQL | PostgreSQL | 9.4.0 |
| PostgreSQL | PostgreSQL | 9.4.1 |
References
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html (Mailing List, Third Party Advisory)
- http://www.debian.org/security/2015/dsa-3269 (Third Party Advisory)
- http://www.debian.org/security/2015/dsa-3270 (Third Party Advisory)
- http://www.postgresql.org/about/news/1587/ (Vendor Advisory)
- http://www.securityfocus.com/bid/74787 (Third Party Advisory, VDB Entry)
- http://www.ubuntu.com/usn/USN-2621-1 (Vendor Advisory)
- https://support.apple.com/HT205219 (Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
