3 matches found
Vulnerability in client (CVE-2024-10977)
PostgreSQL libpq retains an error message from man-in-the-middle Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long...
USN-5645-1: PostgreSQL vulnerabilities
Jacob Champion discovered that PostgreSQL incorrectly handled SSL certificate verification and encryption. A remote attacker could possibly use this issue to inject arbitrary SQL queries when a connection is first established. CVE-2021-23214 Tom Lane discovered that PostgreSQL incorrect handled...
Vulnerability in client (CVE-2021-23222)
libpq processes unencrypted bytes from man-in-the-middle A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption. If more preconditions hold, the attacker can exfiltrate the client's password or othe...