漏洞类别:Local
漏洞等级: 
漏洞信息
PostgreSQL, often simply Postgres, is an object-relational database management system (ORDBMS).
Following vulnerabilities are fixed:
CVE-2017-15098: Memory disclosure in JSON functions
Affected Versions:
PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20
QID Detection Logic(Authenticated)
This checks for vulnerable versions of PostgreSQL.
漏洞危害
On successful exploitation attacker can crash the server or disclose a few bytes of server memory.
解决方案
Vendor has released fix. Refer advisory here
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
文章评论