Date: Thu, 21 May 2015 11:00:32 +0200
From: Salvatore Bonaccorso <carnil@...ian.org>
To: OSS Security Mailinglist <oss-security@...ts.openwall.com>
Cc: CVE Assignments MITRE <cve-assign@...re.org>,
	Christoph Berg <myon@...ian.org>
Subject: CVE Request: pgbouncer: DoS/remote crash: invalid packet order
 causes lookup of NULL pointer

Hi

PgBouncer, a lightweight connection pooler for PostgreSQL, fixed the
following issue with the 1.5.5 release:

> Fix remote crash - invalid packet order causes lookup of NULL
> pointer. Not exploitable, just DoS.

https://pgbouncer.github.io/2015/04/pgbouncer-1-5-5/

The issue was reported in
https://github.com/pgbouncer/pgbouncer/issues/42 and fixed in master
with
https://github.com/pgbouncer/pgbouncer/commit/edab5be6665b9e8de66c25ba527509b229468573
and in the stable-1.5 branch with
https://github.com/pgbouncer/pgbouncer/commit/74d6e5f7de5ec736f71204b7b422af7380c19ac5

Could a CVE be assigned for this issue?

Regards,
Salvatore
