Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
0

CVE-2016-0773

Disclosure Date: February 17, 2016
CVE-2016-0773 CVSS v3 Base Score: 7.5
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
7.5 High
Impact Score:
3.6
Exploitability Score:
3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
None
Integrity (I):
None
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • canonical,
  • debian,
  • postgresql

Products

  • debian linux 7.0,
  • debian linux 8.0,
  • postgresql,
  • postgresql 9.2,
  • postgresql 9.2.1,
  • postgresql 9.2.10,
  • postgresql 9.2.11,
  • postgresql 9.2.12,
  • postgresql 9.2.13,
  • postgresql 9.2.14,
  • postgresql 9.2.2,
  • postgresql 9.2.3,
  • postgresql 9.2.4,
  • postgresql 9.2.5,
  • postgresql 9.2.6,
  • postgresql 9.2.7,
  • postgresql 9.2.8,
  • postgresql 9.2.9,
  • postgresql 9.4,
  • postgresql 9.4.1,
  • postgresql 9.4.2,
  • postgresql 9.4.3,
  • postgresql 9.4.4,
  • postgresql 9.4.5,
  • postgresql 9.5,
  • ubuntu linux 12.04,
  • ubuntu linux 14.04,
  • ubuntu linux 15.10

References

Canonical
CVE-2016-0773 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0773)
BID-83184 (http://www.securityfocus.com/bid/83184)
Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00054.html
https://puppet.com/security/cve/CVE-2016-0773
http://www.postgresql.org/docs/current/static/release-9-3-11.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00016.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00052.html
http://www.postgresql.org/docs/current/static/release-9-2-15.html
https://kc.mcafee.com/corporate/index?page=content&id=SB10152
http://www.postgresql.org/docs/current/static/release-9-5-1.html
GLSA-201701-33 (https://security.gentoo.org/glsa/201701-33)
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.postgresql.org/about/news/1644
SECTRACK-1035005 (http://www.securitytracker.com/id/1035005)
FEDORA-2016-b0c2412ab2 (http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177878.html)
FEDORA-2016-e0a6c9ebc4 (http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177820.html)
http://rhn.redhat.com/errata/RHSA-2016-1060.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00056.html
http://www.postgresql.org/docs/current/static/release-9-4-6.html
USN-2894-1 (http://www.ubuntu.com/usn/USN-2894-1)
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00049.html
http://www.postgresql.org/docs/current/static/release-9-1-20.html
DSA-3476 (http://www.debian.org/security/2016/dsa-3476)
DSA-3475 (http://www.debian.org/security/2016/dsa-3475)

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis