Stack-based buffer overflow in postgresql (Alpine package)
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2015-5289 |
| CWE-ID | CWE-121 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
postgresql (Alpine package) Operating systems & Components / Operating system package or component |
| Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Stack-based buffer overflow
EUVDB-ID: #VU32376
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2015-5289
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing unspecified vectors, which are not properly handled in (1) json or (2) jsonb values. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionspostgresql (Alpine package): 9.3.7-r0
CPE2.3 External linkshttps://git.alpinelinux.org/aports/commit/?id=2d37e1a18bfa6fd4b1e2a540f50a273fd8f29a48
https://git.alpinelinux.org/aports/commit/?id=b00395849373651c7fb5b1c1d44454b73db2b480
https://git.alpinelinux.org/aports/commit/?id=86e868a5e1befbf6b37885f9e1c4835d34b3c078
https://git.alpinelinux.org/aports/commit/?id=0f28cb4563020e8535732a3f4c4768b1b72930b9
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
