The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP) before 3.6.5 does not properly time out connections, which allows remote attackers to cause a denial of service (pmcd hang) by sending individual bytes of a PDU separately, related to an "event-driven programming flaw."
Debian Linux Security Advisory 2533-1 - It was discovered that Performance Co-Pilot (pcp), a framework for performance monitoring, contains several vulnerabilities.