Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 2 Nov 2012 06:53:06 -0400 (EDT)
From: Jan Lieskovsky <>
Cc: "Steven M. Christey" <>
Subject: CVE Request -- pgbouncer: DoS (pooler server shutdown) by adding
 database with large name

Hello Kurt, Steve, vendors,

  a denial of service flaw was found in the way pgbouncer,
a lightweight connection pooler for PostgreSQL, performed
processing of client requests attempting to add new database(s)
with large name(s). A remote attacker could use this flaw
to cause pooler server shutdown.

Relevant upstream patch:


Could you allocate a CVE id for this?

Thank you && Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ