oss-sec mailing list archives
CVE Request: pgbouncer: DoS/remote crash: invalid packet order causes lookup of NULL pointer
From: Salvatore Bonaccorso <carnil () debian org>
Date: Thu, 21 May 2015 11:00:32 +0200
Hi PgBouncer, a lightweight connection pooler for PostgreSQL, fixed the following issue with the 1.5.5 release:
Fix remote crash - invalid packet order causes lookup of NULL pointer. Not exploitable, just DoS.
https://pgbouncer.github.io/2015/04/pgbouncer-1-5-5/ The issue was reported in https://github.com/pgbouncer/pgbouncer/issues/42 and fixed in master with https://github.com/pgbouncer/pgbouncer/commit/edab5be6665b9e8de66c25ba527509b229468573 and in the stable-1.5 branch with https://github.com/pgbouncer/pgbouncer/commit/74d6e5f7de5ec736f71204b7b422af7380c19ac5 Could a CVE be assigned for this issue? Regards, Salvatore
Current thread:
- CVE Request: pgbouncer: DoS/remote crash: invalid packet order causes lookup of NULL pointer Salvatore Bonaccorso (May 21)