Vulnerability Database
296,733
Total vulnerabilities in the database
CVE-2024-10977
Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results. This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.
| Software | From | Fixed in |
|---|---|---|
| postgresql / postgresql | 16.0 | 16.5 |
| postgresql / postgresql | 15.0 | 15.9 |
| postgresql / postgresql | 14.0 | 14.14 |
| postgresql / postgresql | 13.0 | 13.17 |
| postgresql / postgresql | 12.0 | 12.21 |
| postgresql / postgresql | 17.0-beta2 | 17.0-beta2.x |
| postgresql / postgresql | 17.0-beta3 | 17.0-beta3.x |
| postgresql / postgresql | 17.0-rc1 | 17.0-rc1.x |
| postgresql / postgresql | 17.0 | 17.0.x |
| postgresql / postgresql | 17.0-beta1 | 17.0-beta1.x |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime