Denial of Service Vulnerability in PgBouncer Software by PgBouncer Team
CVE-2015-4054

7.5HIGH

Key Information:

Vendor

Pgbouncer

Status
Pgbouncer
Vendor
CVE Published:
23 May 2017

What is CVE-2015-4054?

A vulnerability in PgBouncer prior to version 1.5.5 allows remote attackers to exploit the application by sending a password packet before a startup packet, leading to a denial of service condition. This issue can cause a NULL pointer dereference, resulting in a crash of the PgBouncer service, thereby disrupting the operation of dependent applications and services.

References

https://github.com/pgbouncer/pgbouncer/commit/edab5be6665...
x_refsource_CONFIRM
https://github.com/pgbouncer/pgbouncer/commit/74d6e5f7de5...
x_refsource_CONFIRM
https://pgbouncer.github.io/changelog.html#pgbouncer-15x
x_refsource_CONFIRM

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.