CVE-2012-4575 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Pgbouncer

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

1.5%

top 18.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pgbouncer Debian Pgbouncer Pgbouncer Project Pgbouncer +2 more

Timeline

PublishedNov 18

Latest updateMay 13

Description

The add_database function in objects.c in the pgbouncer pooler 1.5.2 for PostgreSQL allows remote attackers to cause a denial of service (daemon outage) via a long database name in a request.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages5 packages

▶debiandebian/pgbouncer< pgbouncer 1.5.2-4 (bookworm)

▶Debianpgbouncer/pgbouncer< 1.5.2-4+3

▶NVDpgbouncer_project/pgbouncer1.5.2

▶msrcmsrc/cbl_mariner_1.0_arm

▶msrcmsrc/cbl_mariner_1.0_x64

🔴Vulnerability Details

GHSA

GHSA-wcfv-hw89-j2wx: The add_database function in objects↗2022-05-13

▶

OSV

CVE-2012-4575: The add_database function in objects↗2012-11-18

▶

📋Vendor Advisories

Microsoft

CVE-2012-4575: NIST NVD Details: https://nvd↗2020-09-08

▶

Debian

CVE-2012-4575: pgbouncer - The add_database function in objects.c in the pgbouncer pooler 1.5.2 for Postgre...↗2012

▶

💬Community

Bugzilla

CVE-2012-4575 pgbouncer: DoS (pooler server shutdown) by adding database with large name [fedora-all]↗2012-11-02

▶