Skip to content
Snippets Groups Projects
Select Git revision
  • benchmark-tools
  • postgres-lambda
  • master default
  • REL9_4_25
  • REL9_5_20
  • REL9_6_16
  • REL_10_11
  • REL_11_6
  • REL_12_1
  • REL_12_0
  • REL_12_RC1
  • REL_12_BETA4
  • REL9_4_24
  • REL9_5_19
  • REL9_6_15
  • REL_10_10
  • REL_11_5
  • REL_12_BETA3
  • REL9_4_23
  • REL9_5_18
  • REL9_6_14
  • REL_10_9
  • REL_11_4
23 results

jsonb.c

Blame
    • Noah Misch's avatar
      08fa47c4
      Prevent stack overflow in json-related functions. · 08fa47c4
      Noah Misch authored
      Sufficiently-deep recursion heretofore elicited a SIGSEGV.  If an
      application constructs PostgreSQL json or jsonb values from arbitrary
      user input, application users could have exploited this to terminate all
      active database connections.  That applies to 9.3, where the json parser
      adopted recursive descent, and later versions.  Only row_to_json() and
      array_to_json() were at risk in 9.2, both in a non-security capacity.
      Back-patch to 9.2, where the json type was introduced.
      
      Oskari Saarenmaa, reviewed by Michael Paquier.
      
      Security: CVE-2015-5289
      08fa47c4
      History
      Prevent stack overflow in json-related functions.
      Noah Misch authored
      Sufficiently-deep recursion heretofore elicited a SIGSEGV.  If an
      application constructs PostgreSQL json or jsonb values from arbitrary
      user input, application users could have exploited this to terminate all
      active database connections.  That applies to 9.3, where the json parser
      adopted recursive descent, and later versions.  Only row_to_json() and
      array_to_json() were at risk in 9.2, both in a non-security capacity.
      Back-patch to 9.2, where the json type was introduced.
      
      Oskari Saarenmaa, reviewed by Michael Paquier.
      
      Security: CVE-2015-5289