PostgreSQL Server Error Message Vulnerability Affects Multiple Versions
CVE-2024-10977
CVSS 3.7 (LOW)
What is CVE-2024-10977?
CVE-2024-10977 is a client-side weakness in libpq's handling of server error messages. A server that is not trusted under the client's current SSL or GSS settings, for example a man-in-the-middle host answering the SSL or GSS negotiation before encryption has been established, can furnish arbitrary non-NUL bytes to the libpq application through the text of an error message. A long error message crafted to resemble query output could mislead a user, or a screen-scraping script, into treating it as valid query results rather than as an error. This is probably not a concern for clients whose user interface unambiguously marks the boundary between one error message and other text. Because the defect is in libpq, the fix is to update the client library: PostgreSQL versions earlier than 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.
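Added example (not code from the PostgreSQL project or this advisory): a version check against the fixed releases named above, a minimal encoder/decoder for the PostgreSQL v3 ErrorResponse wire message, and a client-side render policy that withholds server-supplied text until the connection is trusted, in the spirit of the libpq fix, and otherwise collapses it onto one escaped line so it cannot masquerade as multi-line query output. The `render_error` policy, the `server_trusted` flag, and the sample message are this example's own assumptions; the fake "query result" payload is constructed for demonstration.

```python
import re
import struct

# Minimum patched minor release per major series, taken from the advisory text.
FIXED_MINOR = {12: 21, 13: 17, 14: 14, 15: 9, 16: 5, 17: 1}


def is_affected(version: str) -> bool:
    """True if a version string (e.g. '16.3' or the output of SELECT version())
    predates the fix for CVE-2024-10977. Majors outside 12..17 are not covered
    by the advisory, so they are rejected rather than guessed at."""
    m = re.search(r"(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor = int(m.group(1)), int(m.group(2))
    if major not in FIXED_MINOR:
        raise ValueError(f"major version {major} is not covered by this advisory")
    return minor < FIXED_MINOR[major]


def build_error_response(fields: dict[str, str]) -> bytes:
    """Encode a v3 ErrorResponse: 'E', Int32 length (including itself),
    then (field-code byte, NUL-terminated string) pairs, then a final NUL."""
    body = b"".join(code.encode() + value.encode() + b"\x00"
                    for code, value in fields.items()) + b"\x00"
    return b"E" + struct.pack("!I", len(body) + 4) + body


def parse_error_response(msg: bytes) -> dict[str, str]:
    """Decode an ErrorResponse into its field-code -> text mapping."""
    if msg[:1] != b"E":
        raise ValueError("not an ErrorResponse message")
    (length,) = struct.unpack("!I", msg[1:5])
    body = msg[5:1 + length]          # length counts itself but not the type byte
    fields: dict[str, str] = {}
    pos = 0
    while pos < len(body) and body[pos:pos + 1] != b"\x00":
        code = chr(body[pos])
        end = body.index(b"\x00", pos + 1)
        fields[code] = body[pos + 1:end].decode("utf-8", "replace")
        pos = end + 1
    return fields


def render_error(msg: bytes, server_trusted: bool) -> str:
    """Hypothetical hardened client policy (assumption, not libpq's API):
    - before the connection is trusted (SSL/GSS negotiation not yet complete and
      verified), do not surface the server's text at all, only a fixed client message;
    - afterwards, show the message on a single line with control characters
      escaped, so a multi-line payload cannot be mistaken for query output."""
    fields = parse_error_response(msg)
    if not server_trusted:
        return "error: server rejected the connection before encryption was established (server message withheld)"
    sqlstate = fields.get("C", "XX000")
    text = fields.get("M", "").encode("unicode_escape").decode("ascii")
    return f"ERROR [{sqlstate}]: {text}"


# Constructed sample: an "error" whose message imitates psql table output.
FAKE_RESULT_ERROR = build_error_response({
    "S": "ERROR",
    "V": "ERROR",
    "C": "XX000",
    "M": "ok\n id | balance \n----+---------\n  1 |  100.00\n(1 row)",
})

if __name__ == "__main__":
    print(is_affected("PostgreSQL 16.3 on x86_64-pc-linux-gnu"))  # affected
    print(is_affected("17.1"))                                      # fixed
    print(render_error(FAKE_RESULT_ERROR, server_trusted=False))
    print(render_error(FAKE_RESULT_ERROR, server_trusted=True))
```

Note that `sslmode=verify-full` alone does not close this gap: the hostile ErrorResponse arrives in reply to the SSLRequest, before any certificate can be checked, which is why the remedy is a patched libpq rather than a connection-string change.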