CVE-2012-4575: Buffer Overflow
First published: Fri Nov 02 2012(Updated: )
A denial of service flaw was found in the way pgbouncer, a lightweight connection pooler for PostgreSQL, performed processing of client requests attempting to add new database(s) with large name(s). A remote attacker could use this flaw to cause pooler server shutdown. Relevant upstream patch: [1] <a href="http://git.postgresql.org/gitweb/?p=pgbouncer.git;a=commitdiff;h=4b92112b820830b30cd7bc91bef3dd8f35305525">http://git.postgresql.org/gitweb/?p=pgbouncer.git;a=commitdiff;h=4b92112b820830b30cd7bc91bef3dd8f35305525</a> References: [2] <a href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692103">http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692103</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Pgbouncer Project Pgbouncer | =1.5.2 | |
| PostgreSQL PostgreSQL |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://git.postgresql.org/gitweb/?p=pgbouncer.git;a=commitdiff;h=4b92112b820830b30cd7bc91bef3dd8f35305525
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692103
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=872529
- http://www.openwall.com/lists/oss-security/2012/11/02/4
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=872527#c4
- http://www.openwall.com/lists/oss-security/2012/11/02/8
- https://bugzilla.redhat.com/show_bug.cgi?id=872527
- http://git.postgresql.org/gitweb/?p=pgbouncer.git%3Ba=commit%3Bh=4b92112b820830b30cd7bc91bef3dd8f35305525
- http://openwall.com/lists/oss-security/2012/11/02/8
- http://www.securityfocus.com/bid/56371
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2012-4575
- vendor/pgbouncer project
- canonical/pgbouncer project pgbouncer
- version/pgbouncer project pgbouncer/1.5.2
- vendor/postgresql
- canonical/postgresql postgresql