mailing list archives
CVE Request -- pgbouncer: DoS (pooler server shutdown) by adding database with large name
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Fri, 2 Nov 2012 06:53:06 -0400 (EDT)
Hello Kurt, Steve, vendors,
a denial of service flaw was found in the way pgbouncer,
a lightweight connection pooler for PostgreSQL, performed
processing of client requests attempting to add new database(s)
with large name(s). A remote attacker could use this flaw
to cause pooler server shutdown.
Relevant upstream patch:
Could you allocate a CVE id for this?
Thank you && Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Response Team
- CVE Request -- pgbouncer: DoS (pooler server shutdown) by adding database with large name Jan Lieskovsky (Nov 02)