Date: Thu, 21 May 2015 11:00:32 +0200 From: Salvatore Bonaccorso <carnil@...ian.org> To: OSS Security Mailinglist <oss-security@...ts.openwall.com> Cc: CVE Assignments MITRE <cve-assign@...re.org>, Christoph Berg <myon@...ian.org> Subject: CVE Request: pgbouncer: DoS/remote crash: invalid packet order causes lookup of NULL pointer Hi PgBouncer, a lightweight connection pooler for PostgreSQL, fixed the following issue with the 1.5.5 release: > Fix remote crash - invalid packet order causes lookup of NULL > pointer. Not exploitable, just DoS. https://pgbouncer.github.io/2015/04/pgbouncer-1-5-5/ The issue was reported in https://github.com/pgbouncer/pgbouncer/issues/42 and fixed in master with https://github.com/pgbouncer/pgbouncer/commit/edab5be6665b9e8de66c25ba527509b229468573 and in the stable-1.5 branch with https://github.com/pgbouncer/pgbouncer/commit/74d6e5f7de5ec736f71204b7b422af7380c19ac5 Could a CVE be assigned for this issue? Regards, Salvatore
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ