Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system. CVE-2015-5288 Josh Kupershmidt discovered a vulnerability in the crypt function in the pgCrypto extension. Certain invalid salt arguments can cause the server to crash or to disclose a few bytes of server memory. CVE-2015-5289 Oskari Saarenmaa discovered that json or jsonb input values constructed from arbitrary user input can crash the PostgreSQL server and cause a denial of service.