vulnerability
FreeBSD: VID-a61ef21b-a29e-11ef-af48-6cc21735f730 (CVE-2024-10977): PostgreSQL -- libpq retains an error message from man-in-the-middle
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 3 | (AV:N/AC:H/Au:N/C:N/I:P/A:N) | Nov 14, 2024 | Nov 15, 2024 | Dec 10, 2025 |
Severity
3
CVSS
(AV:N/AC:H/Au:N/C:N/I:P/A:N)
Published
Nov 14, 2024
Added
Nov 15, 2024
Modified
Dec 10, 2025
Description
PostgreSQL project reports: Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results. This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text.
Solutions
freebsd-upgrade-package-postgresql17-clientfreebsd-upgrade-package-postgresql16-clientfreebsd-upgrade-package-postgresql15-clientfreebsd-upgrade-package-postgresql14-clientfreebsd-upgrade-package-postgresql13-clientfreebsd-upgrade-package-postgresql12-client
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.