Re: CVE Request: postgresql integer overflow in hash table size calculation

[Vincent Danen <vdanen () redhat com>]

* [2010-03-09 09:46:49 -0700] Vincent Danen wrote:

> I've been looking and can't find a CVE name for this issue.  Could one
> be assigned?
>
> An integer overflow flaw was found in the way postgresql used to
> calculate size for the hashtable for joined relations. An attacker could
> formulate a specially-crafted sql query, which once processed would lead
> to denial of service (postgresql daemon crash).
>
> References:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=546621
> http://archives.postgresql.org/pgsql-bugs/2009-10/msg00277.php

Please use CVE-2010-0733 for this issue.

--
Vincent Danen / Red Hat Security Response Team