LIN7-4235 : Security Advisory - postgresql - CVE-2015-0244

Created: Jul 7, 2015    Updated: Sep 8, 2018
Resolved Date: Jul 8, 2015
Previous ID: LIN4-32858
Found In Version:
Fix Version:
Severity: Standard
Applicable for: Wind River Linux 7
Component/s: Userspace


The PostgreSQL project reports the following issue:

If any error occurred while the server was in the middle of reading a protocol message from the client, it could lose synchronization and incorrectly try to interpret part of the message's data as a new protocol message. An attacker able to submit crafted binary data within a command parameter might succeed in injecting his own SQL commands this way. Statement timeout and query cancellation are the most likely sources of errors triggering this scenario. Particularly vulnerable are applications that use a timeout and also submit arbitrary user-crafted data as binary query parameters. Disabling statement timeout will reduce, but not eliminate, the risk of exploit.
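The loss of synchronization described above can be reproduced with a toy length-prefixed reader. This is an added example, not code from PostgreSQL or Wind River. The framing is a simplified model, and `frame`, `serve`, `Interrupted` and the `drop_on_partial_read` switch are hypothetical names. Ending the session when an error interrupts a partly read message is the defensive behaviour assumed for this sketch.

```python
import io
import struct

class Interrupted(Exception):
    """Stands in for a statement timeout or query cancel (assumed trigger)."""

def frame(msg_type: bytes, payload: bytes) -> bytes:
    # Toy framing: 1-byte type, 4-byte big-endian length counting itself, payload.
    return msg_type + struct.pack("!I", len(payload) + 4) + payload

def serve(stream, interrupt_after=None, drop_on_partial_read=True):
    """Return the (type, payload) messages the toy server acted on.

    interrupt_after: raise Interrupted once this many payload bytes of the
    first message have been consumed.
    """
    handled, first = [], True
    while True:
        header = stream.read(5)
        if len(header) < 5:
            return handled                    # end of stream
        msg_type, length = header[:1], struct.unpack("!I", header[1:])[0]
        if length < 4:
            return handled                    # malformed length: end session
        reading_msg = True                    # a message is now partly consumed
        try:
            if first and interrupt_after is not None:
                stream.read(interrupt_after)  # partial read, then the error
                raise Interrupted
            payload = stream.read(length - 4)
            reading_msg = False
            handled.append((msg_type, payload))
        except Interrupted:
            if reading_msg and drop_on_partial_read:
                return handled                # framing is lost: end the session
            # Legacy behaviour: report the error, keep reading mid-message.
        finally:
            first = False

def demo():
    # Constructed sample: a parameter message whose binary value happens to
    # contain bytes shaped like a complete frame, followed by a normal frame.
    inner = frame(b"Q", b"SELECT 1\x00")
    data = frame(b"B", b"AAAA" + inner) + frame(b"S", b"")
    legacy = serve(io.BytesIO(data), interrupt_after=4, drop_on_partial_read=False)
    hardened = serve(io.BytesIO(data), interrupt_after=4)
    return legacy, hardened

if __name__ == "__main__":
    print(demo())
```

With the legacy setting the reader resumes inside the first message's payload and treats the embedded bytes as a message of their own; with the default setting nothing after the interrupted read is acted on.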

