CVE-2012-4575

Summary

CVE	CVE-2012-4575
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2012-11-18 19:55:00 UTC
Updated	2023-02-13 04:34:00 UTC
Description	The add_database function in objects.c in the pgbouncer pooler 1.5.2 for PostgreSQL allows remote attackers to cause a denial of service (daemon outage) via a long database name in a request.

Risk And Classification

Problem Types: CWE-119

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Pgbouncer Project	Pgbouncer	1.5.2	All	All	All
Application	Pgbouncer Project	Pgbouncer	1.5.2	All	All	All
Application	Postgresql	Postgresql	-	All	All	All
Application	Postgresql	Postgresql	-	All	All	All

References

Reference	Source	Link	Tags
oss-security - Re: CVE Request -- pgbouncer: DoS (pooler server shutdown) by adding database with large name	MLIST	openwall.com	Mailing List, Third Party Advisory
#692103 - pgbouncer: add_database: fail gracefully if too long db name - Debian Bug report logs	CONFIRM	bugs.debian.org	Third Party Advisory
872527 – (CVE-2012-4575) pgbouncer: DoS (pooler server shutdown) by adding database with large name	CONFIRM	bugzilla.redhat.com	Issue Tracking, Third Party Advisory
git.postgresql.org Git - pgbouncer.git/commit	MISC	git.postgresql.org
PgBouncer 'add_database()' Function Denial of Service Vulnerability	BID	www.securityfocus.com	Third Party Advisory, VDB Entry
git.postgresql.org Git - pgbouncer.git/commit	CONFIRM	git.postgresql.org	Patch, Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

900047 CBL-Mariner Linux Security Update for postgresql 12.1
903459 Common Base Linux Mariner (CBL-Mariner) Security Update for postgresql (2660)