CVE-2016-3065

Impact:
Moderate
Public Date:
2016-03-31
Bugzilla:
1319810: CVE-2016-3065 postgresql: memory disclosure in pageinspect functions

The MITRE CVE dictionary describes this issue as:

The (1) brin_page_type and (2) brin_metapage_info functions in the pageinspect extension in PostgreSQL before 9.5.x before 9.5.2 allows attackers to bypass intended access restrictions and consequently obtain sensitive server memory information or cause a denial of service (server crash) via a crafted bytea value in a BRIN index page.

Find out more about CVE-2016-3065 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v2 metrics

NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.

Base Score 4.9
Base Metrics AV:N/AC:M/Au:S/C:P/I:N/A:P
Access Vector Network
Access Complexity Medium
Authentication Single
Confidentiality Impact Partial
Integrity Impact None
Availability Impact Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Affected Packages State

Platform Package State
Red Hat Software Collections for Red Hat Enterprise Linux rh-postgresql94-postgresql Not affected
Red Hat Software Collections for Red Hat Enterprise Linux rh-postgresql95-postgresql Not affected
Red Hat Software Collections for Red Hat Enterprise Linux postgresql92-postgresql Not affected
Red Hat Satellite 5.7 postgresql92-postgresql Not affected
Red Hat Enterprise Linux 7 postgresql Not affected
Red Hat Enterprise Linux 6 postgresql Not affected
Red Hat Enterprise Linux 5 postgresql84 Not affected
Red Hat Enterprise Linux 5 postgresql Not affected

Acknowledgements

Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Andreas Seltenreich as the original reporter.

External References

Last Modified

CVE description copyright © 2017, The MITRE Corporation

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.