Date: Tue, 16 Mar 2010 11:23:39 -0600 From: Vincent Danen <vdanen@...hat.com> To: oss-security@...ts.openwall.com Cc: "Steven M. Christey" <coley@...us.mitre.org> Subject: Re: CVE Request: postgresql integer overflow in hash table size calculation * [2010-03-09 09:46:49 -0700] Vincent Danen wrote: >I've been looking and can't find a CVE name for this issue. Could one >be assigned? > >An integer overflow flaw was found in the way postgresql used to >calculate size for the hashtable for joined relations. An attacker could >formulate a specially-crafted sql query, which once processed would lead >to denial of service (postgresql daemon crash). > >References: > >https://bugzilla.redhat.com/show_bug.cgi?id=546621 >http://archives.postgresql.org/pgsql-bugs/2009-10/msg00277.php Please use CVE-2010-0733 for this issue. -- Vincent Danen / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.