- Description
- Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results. This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.
- Source
- f86ef6dc-4d3a-42ad-8f28-e6d5547a5007
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 3.7
- Impact score
- 1.4
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
- Severity
- LOW
- Hype score
- Not currently trending
CVE-2024-10977 PostgreSQL Client Exploit via Error Message Manipulation in SSL/GSS A vulnerability exists in PostgreSQL's handling of server error messages. This issue impacts versions before PostgreSQL 17.1, 16.... https://t.co/tnoWFLbu6S
@VulmonFeeds
14 Nov 2024
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-10977 Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq applica… https://t.co/KFrOmnGldD
@CVEnew
14 Nov 2024
124 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "433D59A0-8811-4DDB-A9F7-D85C62F905CC",
"versionEndExcluding": "12.21",
"versionStartIncluding": "12.0"
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "380F8048-FBE5-4606-93A3-915CFD229317",
"versionEndExcluding": "13.17",
"versionStartIncluding": "13.0"
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FACF31C7-3B20-4BAE-A596-9C59D67406D8",
"versionEndExcluding": "14.14",
"versionStartIncluding": "14.0"
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DF12F1A2-3179-4DAC-B728-038B94954DC7",
"versionEndExcluding": "15.9",
"versionStartIncluding": "15.0"
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "353CBD91-FC28-4DA3-B79A-F4F4DC80FA93",
"versionEndExcluding": "16.5",
"versionStartIncluding": "16.0"
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:17.0:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "554F297F-6688-4242-9618-40A3A017D246"
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:17.0:beta1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2012E2E6-9A7A-4EA8-AE7C-5CB3486CE9DA"
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:17.0:beta2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "354785D4-62F8-49C6-BFE6-D7AFEF7BE28F"
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:17.0:beta3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EB5B99AA-AEDF-4730-824E-3A09D47B19DE"
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:17.0:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9C88EECA-C66E-4FCF-BA4A-7581516B2471"
}
],
"operator": "OR"
}
]
}
]