Vulnerability Description
The add_database function in objects.c in the pgbouncer pooler 1.5.2 for PostgreSQL allows remote attackers to cause a denial of service (daemon outage) via a long database name in a request.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pgbouncer Project | Pgbouncer | 1.5.2 |
| Postgresql | Postgresql | - |
Related Weaknesses (CWE)
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692103 (Third Party Advisory)
- http://git.postgresql.org/gitweb/?p=pgbouncer.git%3Ba=commit%3Bh=4b92112b820830b
- http://openwall.com/lists/oss-security/2012/11/02/8 (Mailing List, Third Party Advisory)
- http://www.securityfocus.com/bid/56371 (Third Party Advisory, VDB Entry)
- https://bugzilla.redhat.com/show_bug.cgi?id=872527 (Issue Tracking, Third Party Advisory)
FAQ
What is CVE-2012-4575?
CVE-2012-4575 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The add_database function in objects.c in the pgbouncer pooler 1.5.2 for PostgreSQL allows remote attackers to cause a denial of service (daemon outage) via a long database name in a request.
How severe is CVE-2012-4575?
CVE-2012-4575 is rated MEDIUM, with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2012-4575?
Check the references section above for vendor advisories and patch information. Affected products include: Pgbouncer Project Pgbouncer, Postgresql Postgresql.