oss-sec mailing list archives

CVE Request: pgbouncer: DoS/remote crash: invalid packet order causes lookup of NULL pointer


From: Salvatore Bonaccorso <carnil () debian org>
Date: Thu, 21 May 2015 11:00:32 +0200

Hi

PgBouncer, a lightweight connection pooler for PostgreSQL, fixed the
following issue with the 1.5.5 release:

Fix remote crash - invalid packet order causes lookup of NULL
pointer. Not exploitable, just DoS.

https://pgbouncer.github.io/2015/04/pgbouncer-1-5-5/

The issue was reported in
https://github.com/pgbouncer/pgbouncer/issues/42 and fixed in master
with
https://github.com/pgbouncer/pgbouncer/commit/edab5be6665b9e8de66c25ba527509b229468573
and in the stable-1.5 branch with
https://github.com/pgbouncer/pgbouncer/commit/74d6e5f7de5ec736f71204b7b422af7380c19ac5

Could a CVE be assigned for this issue?

Regards,
Salvatore

