CVE-2024-10977

Source
https://cve.org/CVERecord?id=CVE-2024-10977
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-10977.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-10977
Published
2024-11-14T13:15:04.023Z
Modified
2026-02-03T08:03:33.679460Z
Severity
  • 3.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
[none]
Details

Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results. This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.

Affected packages

Git / git.postgresql.org/git/postgresql.git

Affected ranges

Type
GIT
Repo
https://git.postgresql.org/git/postgresql.git
Events
Introduced
2a7ce2e2ce474504a707ec03e128fde66cfb8b48
Fixed
0c53d54c812cea0d840490fd107910ed949e18c2
Introduced
ad1f2885b8c82e0c2d56d7974f012cbecce17a17
Fixed
20a82026828536331ebe912b86f060078a173633
Introduced
29be9983a64c011eac0b9ee29895cce71e15ea77
Fixed
64ecc00908b7557afa911c15bb342ff06845bb19
Introduced
86a4dc1e6f29d1992a2afa3fac1a0b0a6e84568c
Fixed
8abd1324049759c1cbd81a4793c470a4f43e1fdb
Introduced
c372fbbd8e911f2412b80a8c39d7079366565d67
Fixed
8c9d34cdc4d213a57fa8b8a7197f7d6f22fca4c9

Affected versions

Other
REL_12_0
REL_12_1
REL_12_10
REL_12_11
REL_12_12
REL_12_13
REL_12_14
REL_12_15
REL_12_16
REL_12_17
REL_12_18
REL_12_19
REL_12_2
REL_12_20
REL_12_3
REL_12_4
REL_12_5
REL_12_6
REL_12_7
REL_12_8
REL_12_9
REL_13_0
REL_13_1
REL_13_10
REL_13_11
REL_13_12
REL_13_13
REL_13_14
REL_13_15
REL_13_16
REL_13_2
REL_13_3
REL_13_4
REL_13_5
REL_13_6
REL_13_7
REL_13_8
REL_13_9
REL_14_0
REL_14_1
REL_14_10
REL_14_11
REL_14_12
REL_14_13
REL_14_2
REL_14_3
REL_14_4
REL_14_5
REL_14_6
REL_14_7
REL_14_8
REL_14_9
REL_15_0
REL_15_1
REL_15_2
REL_15_3
REL_15_4
REL_15_5
REL_15_6
REL_15_7
REL_15_8
REL_16_0
REL_16_1
REL_16_2
REL_16_3
REL_16_4
