CVE-2016-3065

Published: Apr 11, 2016Modified: May 6, 2026

9.1

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Exploitability: 3.9 / Impact: 5.2

Source: NVD

Description

The (1) brin_page_type and (2) brin_metapage_info functions in the pageinspect extension in PostgreSQL before 9.5.x before 9.5.2 allows attackers to bypass intended access restrictions and consequently obtain sensitive server memory information or cause a denial of service (server crash) via a crafted bytea value in a BRIN index page.

Affected (2)

Products: Postgresql: Postgresql

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Postgresql Postgresql	Version 9.5.1
Postgresql Postgresql	Version 9.5

Related CWEs

References (8)

http://git.postgresql.org/gitweb/?p=postgresql.git%3Ba=commitdiff%3Bh=bf78a6f107949fdfb513d1b45e30cefe04e09e4f

Source: secalert@redhat.com

http://www.postgresql.org/about/news/1656/

Source: secalert@redhat.com

PatchVendor Advisory

http://www.postgresql.org/docs/current/static/release-9-5-2.html

Source: secalert@redhat.com

http://www.securitytracker.com/id/1035468

Source: secalert@redhat.com

http://git.postgresql.org/gitweb/?p=postgresql.git%3Ba=commitdiff%3Bh=bf78a6f107949fdfb513d1b45e30cefe04e09e4f

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.postgresql.org/about/news/1656/

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.postgresql.org/docs/current/static/release-9-5-2.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1035468

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.