CVE-2016-0773

Published: Feb 17, 2016Modified: May 6, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression.

Affected (28)

Products: Postgresql: Postgresql · Canonical: Ubuntu Linux · Debian: Debian Linux

1 product

1 product

1 product

Configuration A

23 vulnerable

Vulnerable Software	Affected Versions
Postgresql Postgresql	Up to 9.1.19
Postgresql Postgresql	Version 9.2.10
Postgresql Postgresql	Version 9.2.11
Postgresql Postgresql	Version 9.2.12
Postgresql Postgresql	Version 9.2.13
Postgresql Postgresql	Version 9.2.14
Postgresql Postgresql	Version 9.2.1
Postgresql Postgresql	Version 9.2.2
Postgresql Postgresql	Version 9.2.3
Postgresql Postgresql	Version 9.2.4
Postgresql Postgresql	Version 9.2.5
Postgresql Postgresql	Version 9.2.6
Postgresql Postgresql	Version 9.2.7
Postgresql Postgresql	Version 9.2.8
Postgresql Postgresql	Version 9.2.9
Postgresql Postgresql	Version 9.2
Postgresql Postgresql	Version 9.4.1
Postgresql Postgresql	Version 9.4.2
Postgresql Postgresql	Version 9.4.3
Postgresql Postgresql	Version 9.4.4
Postgresql Postgresql	Version 9.4.5
Postgresql Postgresql	Version 9.4
Postgresql Postgresql	Version 9.5

Configuration B

5 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 15.10
Debian Debian Linux	Version 7.0
Debian Debian Linux	Version 8.0

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (46)

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177820.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177878.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00049.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00052.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00054.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00056.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00016.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2016-1060.html

Source: secalert@redhat.com

http://www.debian.org/security/2016/dsa-3475

Source: secalert@redhat.com

http://www.debian.org/security/2016/dsa-3476

Source: secalert@redhat.com

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Source: secalert@redhat.com

http://www.postgresql.org/about/news/1644/

Source: secalert@redhat.com

Vendor Advisory

http://www.postgresql.org/docs/current/static/release-9-1-20.html

Source: secalert@redhat.com

http://www.postgresql.org/docs/current/static/release-9-2-15.html

Source: secalert@redhat.com

http://www.postgresql.org/docs/current/static/release-9-3-11.html

Source: secalert@redhat.com

http://www.postgresql.org/docs/current/static/release-9-4-6.html

Source: secalert@redhat.com

http://www.postgresql.org/docs/current/static/release-9-5-1.html

Source: secalert@redhat.com

http://www.securityfocus.com/bid/83184

Source: secalert@redhat.com

http://www.securitytracker.com/id/1035005

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-2894-1

Source: secalert@redhat.com

https://kc.mcafee.com/corporate/index?page=content&id=SB10152

Source: secalert@redhat.com

https://puppet.com/security/cve/CVE-2016-0773

Source: secalert@redhat.com

https://security.gentoo.org/glsa/201701-33

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177820.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177878.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00049.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00052.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00054.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00056.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00016.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2016-1060.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2016/dsa-3475

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2016/dsa-3476

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.postgresql.org/about/news/1644/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.postgresql.org/docs/current/static/release-9-1-20.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.postgresql.org/docs/current/static/release-9-2-15.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.postgresql.org/docs/current/static/release-9-3-11.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.postgresql.org/docs/current/static/release-9-4-6.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.postgresql.org/docs/current/static/release-9-5-1.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/83184

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1035005

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-2894-1

Source: af854a3a-2127-422b-91ae-364da2661108

https://kc.mcafee.com/corporate/index?page=content&id=SB10152

Source: af854a3a-2127-422b-91ae-364da2661108

https://puppet.com/security/cve/CVE-2016-0773

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/201701-33

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.