CVE-2015-3167
Description
contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack.
CWE
- (none)
Affected
- PostgreSQL Global Development Group / PostgreSQL — v=before 9.0.20 [affected]; v=9.1.x before 9.1.16 [affected]; v=9.2.x before 9.2.11 [affected]; v=9.3.x before 9.3.7 [affected]; v=9.4.x before 9.4.2 [affected]
CVSS
- (none)
References
- http://www.postgresql.org/about/news/1587/ x_refsource_MISC
- http://www.postgresql.org/docs/9.0/static/release-9-0-20.html x_refsource_MISC
- http://www.postgresql.org/docs/9.1/static/release-9-1-16.html x_refsource_MISC
- http://www.postgresql.org/docs/9.2/static/release-9-2-11.html x_refsource_MISC
- http://www.postgresql.org/docs/9.3/static/release-9-3-7.html x_refsource_MISC
- http://www.postgresql.org/docs/9.4/static/release-9-4-2.html x_refsource_MISC
- http://www.debian.org/security/2015/dsa-3269 x_refsource_MISC
- http://www.debian.org/security/2015/dsa-3270 x_refsource_MISC
- http://ubuntu.com/usn/usn-2621-1 x_refsource_MISC
Source
cvelistV5-main/cves/2015/3xxx/CVE-2015-3167.json