Project

General

Profile

Actions
Copy link

Security #6411

closed
PA PA

pgsql: quadratic complexity leads to over consumption of memory

Security #6411: pgsql: quadratic complexity leads to over consumption of memory

Added by Philippe Antoine over 2 years ago. Updated about 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Philippe Antoine
Target version:
8.0.0-beta1
Affected Versions:
7.0.1
Label:
CVE:
2024-23835
Git IDs:

f52c033e566beafb4480c139eb18662a2870464f
86de7cffa7e8f06fe9d600127e7dabe89c7e81dd

Severity:
HIGH
Disclosure Date:
01/15/2024

Description

found by oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=63338

Severity to evaluate

Subtasks 1 (0 open1 closed)

Security #6536: pgsql: quadratic complexity leads to over consumption of memory (7.0.x backport)ClosedJuliana Fajardini ReichowActions

Related issues 1 (0 open1 closed)

Related to Suricata - Bug #6080: pgsql/probe: TCP on 5432 traffic incorrectly tagged as PGSQL ClosedJuliana Fajardini ReichowActions

VJ Updated by Victor Julien over 2 years ago Actions
Copy link
 #1

  • Target version changed from 7.0.2 to 7.0.3

PA Updated by Philippe Antoine over 2 years ago Actions
Copy link
 #2

  • Status changed from New to In Review

Gitlab MR

PA Updated by Philippe Antoine over 2 years ago Actions
Copy link
 #3

  • Related to Bug #6080: pgsql/probe: TCP on 5432 traffic incorrectly tagged as PGSQL added

VJ Updated by Victor Julien over 2 years ago Actions
Copy link
 #4

  • Target version changed from 7.0.3 to 8.0.0-beta1
  • Label Needs backport to 7.0 added

OT Updated by OISF Ticketbot over 2 years ago Actions
Copy link
 #5

  • Subtask #6536 added

OT Updated by OISF Ticketbot over 2 years ago Actions
Copy link
 #6

  • Label deleted (Needs backport to 7.0)

PA Updated by Philippe Antoine over 2 years ago Actions
Copy link
 #7

  • Disclosure Date set to 01/15/2024

VJ Updated by Victor Julien over 2 years ago Actions
Copy link
 #8

  • Severity changed from MODERATE to HIGH

HIGH as protocol is not enabled by default.

VJ Updated by Victor Julien about 2 years ago Actions
Copy link
 #9

  • CVE set to 2024-23835

PA Updated by Philippe Antoine about 2 years ago Actions
Copy link
 #10

  • Status changed from In Review to Resolved

PA Updated by Philippe Antoine about 2 years ago Actions
Copy link
 #11

  • Status changed from Resolved to Closed
  • Git IDs updated (diff)

VJ Updated by Victor Julien about 2 years ago Actions
Copy link
 #12

  • Private changed from Yes to No
Actions
Copy link

Also available in: PDF Atom