CVE-2024-10977
LOWDescription
Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results. This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| postgresql | postgresql |
| postgresql | postgresql |
| postgresql | postgresql |
| postgresql | postgresql |
| postgresql | postgresql |
| postgresql | postgresql |
| postgresql | postgresql |
| postgresql | postgresql |
| postgresql | postgresql |
| postgresql | postgresql |
References
Advisories & Patches
Other References
Frequently Asked Questions
What is CVE-2024-10977? +
How severe is CVE-2024-10977? +
What products are affected by CVE-2024-10977? +
How do I check if I'm vulnerable to CVE-2024-10977? +
Related Vulnerabilities
Traefik is a golang, Cloud Native Application Proxy. When a HTTP request is processed by Traefik, certain HTTP headers such …
Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients …
Fabio is an HTTP(S) and TCP router for deploying applications managed by consul. Prior to version 1.6.6, Fabio allows clients …
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The official Docker image for …
Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-348: Use of Less Trusted Source may allow RCE
OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the `export-rows` command can …