CVE-2015-3167

Description

contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack.

Risk Information

Base Score: 7.5 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score (Exploitation Probability): 2.522

Associated Vulnerability

Vulnerability | OS Platform
Vulnerabilities CVE-2015-3167, CVE-2015-3166, CVE-2015-3165 are fixed in PostgreSQL 9.4.2 | Windows
Vulnerabilities CVE-2015-3167, CVE-2015-3166, CVE-2015-3165 are fixed in PostgreSQL 9.3.7 | Windows
Vulnerabilities CVE-2015-3167, CVE-2015-3166, CVE-2015-3165 are fixed in PostgreSQL 9.2.11 | Windows
Vulnerabilities CVE-2015-3167, CVE-2015-3166, CVE-2015-3165 are fixed in PostgreSQL 9.1.16 | Windows
Vulnerabilities CVE-2015-3167, CVE-2015-3166, CVE-2015-3165 are fixed in PostgreSQL 9.0.20 | Windows
Object-relational SQL database (USN-2621-1) postgresql-9.4_9.4.5-0ubuntu0.15.04_i386.deb | Linux
Object-relational SQL database (USN-2621-1) postgresql-9.4_9.4.5-0ubuntu0.15.04_amd64.deb | Linux
postgresql-9.4 security update (DSA-3476-1) postgresql-9.4_9.4.8-0+deb8u1_i386.deb | Linux
postgresql-9.4 security update (DSA-3476-1) postgresql-9.4_9.4.8-0+deb8u1_amd64.deb | Linux
Vulnerabilities CVE-2015-3167, CVE-2015-3166, CVE-2015-3165 are fixed in PostgreSQL 9.4.2 (For Linux) | Linux
Vulnerabilities CVE-2015-3167, CVE-2015-3166, CVE-2015-3165 are fixed in PostgreSQL 9.3.7 (For Linux) | Linux
Vulnerabilities CVE-2015-3167, CVE-2015-3166, CVE-2015-3165 are fixed in PostgreSQL 9.2.11 (For Linux) | Linux
Vulnerabilities CVE-2015-3167, CVE-2015-3166, CVE-2015-3165 are fixed in PostgreSQL 9.1.16 (For Linux) | Linux
Vulnerabilities CVE-2015-3167, CVE-2015-3166, CVE-2015-3165 are fixed in PostgreSQL 9.0.20 (For Linux) | Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234