CVE-2016-0773

PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression.

Published: Feb 17, 2016
Updated: Apr 13, 2023
CVE: CVE-2016-0773
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
postgresql / postgresql	9.2.1	9.2.1.x
postgresql / postgresql	9.4.5	9.4.5.x
postgresql / postgresql	9.2.13	9.2.13.x
postgresql / postgresql	9.2.9	9.2.9.x
postgresql / postgresql	9.2.12	9.2.12.x
postgresql / postgresql	9.2.6	9.2.6.x
postgresql / postgresql	9.2.11	9.2.11.x
postgresql / postgresql	9.2.3	9.2.3.x
postgresql / postgresql	9.4.2	9.4.2.x
postgresql / postgresql	-	9.1.19.x
postgresql / postgresql	9.4.4	9.4.4.x
postgresql / postgresql	9.2	9.2.x
postgresql / postgresql	9.4.3	9.4.3.x
postgresql / postgresql	9.2.4	9.2.4.x
postgresql / postgresql	9.2.10	9.2.10.x
postgresql / postgresql	9.4.1	9.4.1.x
postgresql / postgresql	9.2.7	9.2.7.x
postgresql / postgresql	9.4	9.4.x
postgresql / postgresql	9.2.8	9.2.8.x
postgresql / postgresql	9.2.5	9.2.5.x
postgresql / postgresql	9.5	9.5.x
postgresql / postgresql	9.2.14	9.2.14.x
postgresql / postgresql	9.2.2	9.2.2.x
canonical / ubuntu_linux	12.04	12.04.x
debian / debian_linux	8.0	8.0.x
debian / debian_linux	7.0	7.0.x
canonical / ubuntu_linux	15.10	15.10.x
canonical / ubuntu_linux	14.04	14.04.x

Vulnerability Database

289,689

CVE-2016-0773