[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE Request: postgresql integer overflow in hash
From:       Vincent Danen <vdanen () redhat ! com>
Date:       2010-03-16 17:23:39
Message-ID: 20100316172339.GH30480 () redhat ! com
[Download RAW message or body]

* [2010-03-09 09:46:49 -0700] Vincent Danen wrote:

>I've been looking and can't find a CVE name for this issue.  Could one
>be assigned?
>
>An integer overflow flaw was found in the way postgresql used to
>calculate size for the hashtable for joined relations. An attacker could
>formulate a specially-crafted sql query, which once processed would lead
>to denial of service (postgresql daemon crash).
>
>References:
>
>https://bugzilla.redhat.com/show_bug.cgi?id=546621
>http://archives.postgresql.org/pgsql-bugs/2009-10/msg00277.php

Please use CVE-2010-0733 for this issue.

-- 
Vincent Danen / Red Hat Security Response Team 
[prev in list] [next in list] [prev in thread] [next in thread]