Detections
Analytics

Alpine: postgresql: security update to 9.4.15-r0

high Tenable Cloud Security Plugin ID 406487

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

 - Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1,
 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server
 or disclose a few bytes of server memory. (CVE-2017-15098)

See Also

https://security.alpinelinux.org/vuln/CVE-2017-15098

Plugin Details

Severity: High

ID: 406487

Version: Revision 1.24

Type: Local

Published: 10/31/2023

Updated: 3/13/2025

Supported Sensors: Agentless Assessment

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:P

CVSS Score Source: CVE-2017-15098

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.1

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 11/9/2017

Reference Information

CVE: CVE-2017-15098

BID: 101781

IAVB: 2017-B-0156-S