CVE-2017-15098 - AskarLabs CVE Database

CVE-2017-15098

Vendor Red Hat, Inc.

Product postgresql

Weakness CWE-200 · Info exposure

Published November 22, 2017

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server memory.

Key dates

02Disclosure timeline

November 22, 2017 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2017-15098 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

04Related CVE

CVE-2023-39999 WordPress < 6.3.2 is vulnerable to Broken Access Control CVE-2026-26014 Pion DTLS uses random nonce generation with AES GCM ciphers risks leaking the authentication key CVE-2024-35691 WordPress Widget Options - Extended plugin <= 5.1.0 - Multiple Data Exposure Vulnerability CVE-2026-4733 Information disclosure in ixray-1.6-stcop CVE-2026-32631 Git for Windows: `git clone` from manipulated repositories can leak NTLM hashes to arbitrary servers