Description

The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a "too-short" salt.

Remediation

References

CVE-2015-5288

Related Vulnerabilities

WordPress Plugin eHive Account Details Cross-Site Scripting (2.1.2)

Perl Use of Externally-Controlled Format String Vulnerability (CVE-2012-1151)

ReviveAdserver Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-7371)

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-9665)

MySQL CVE-2014-2451 Vulnerability (CVE-2014-2451)

Severity

Medium

Classification

CVE-2015-5288 CWE-200

Tags

Missing Update Known Vulnerabilities