CVE-2012-4575

Published: 18 November 2012

The add_database function in objects.c in the pgbouncer pooler 1.5.2 for PostgreSQL allows remote attackers to cause a denial of service (daemon outage) via a long database name in a request.

Priority

Status

Package	Release	Status
pgbouncer Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Released (1.3.1-3ubuntu0.1)
	oneiric	Released (1.4.2-1ubuntu0.1)
	precise	Released (1.4.2-2ubuntu0.1)
	quantal	Released (1.5.2-2ubuntu0.1)
	upstream	Released (1.5.2-4)
	Patches: upstream: http://git.postgresql.org/gitweb/?p=pgbouncer.git;a=commitdiff;h=4b92112b820830b30cd7bc91bef3dd8f35305525

References

http://www.openwall.com/lists/oss-security/2012/11/02/4
https://www.cve.org/CVERecord?id=CVE-2012-4575
NVD
Launchpad
Debian

Bugs

https://bugs.launchpad.net/ubuntu/+source/pgbouncer/+bug/1083414

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›