Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-10977

Опубликовано: 14 нояб. 2024
Источник: nvd
CVSS3: 3.1
CVSS3: 3.7
EPSS Низкий

Описание

Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results. This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
Версия от 12.0 (включая) до 12.21 (исключая)
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
Версия от 13.0 (включая) до 13.17 (исключая)
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
Версия от 14.0 (включая) до 14.14 (исключая)
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
Версия от 15.0 (включая) до 15.9 (исключая)
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
Версия от 16.0 (включая) до 16.5 (исключая)
cpe:2.3:a:postgresql:postgresql:17.0:-:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:17.0:beta1:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:17.0:beta2:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:17.0:beta3:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:17.0:rc1:*:*:*:*:*:*

EPSS

Процентиль: 21%
0.00065
Низкий

3.1 Low

CVSS3

3.7 Low

CVSS3

Дефекты

CWE-348
CWE-345

Связанные уязвимости

ubuntu логотип

CVE-2024-10977

CVSS3: 3.1
ubuntu
7 месяцев назад

Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results. This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.

redhat логотип

CVE-2024-10977

CVSS3: 3.1
redhat
7 месяцев назад

Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results. This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.

msrc логотип

CVE-2024-10977

CVSS3: 3.7
msrc
4 месяца назад

Описание отсутствует

debian логотип

CVE-2024-10977

CVSS3: 3.1
debian
7 месяцев назад

Client use of server error message in PostgreSQL allows a server not t ...

github логотип

GHSA-62q4-hc79-94qj

CVSS3: 3.1
github
7 месяцев назад

Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results. This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.

EPSS

Процентиль: 21%
0.00065
Низкий

3.1 Low

CVSS3

3.7 Low

CVSS3

Дефекты

CWE-348
CWE-345