3.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2024-10977

GHSA ID

GHSA-62q4-hc79-94qj

EPSS Score

0.15952%

CWE

CWE-345

Published

11/14/2024

Updated

2/20/2025

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2024-10977

CVE-2024-10977: Client use of server error message in PostgreSQL allows a server not trusted under current SSL or...

Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results. This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.

(GitHub Advisory)

3.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2024-10977

GHSA ID

GHSA-62q4-hc79-94qj

EPSS Score

0.15952%

CWE

CWE-345

Published

11/14/2024

Updated

2/20/2025

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

*li*nt us* o* s*rv*r *rror m*ss*** in Post*r*SQL *llows * s*rv*r not trust** un**r *urr*nt SSL or *SS s*ttin*s to *urnis* *r*itr*ry non-NUL *yt*s to t** li*pq *ppli**tion. *or *x*mpl*, * m*n-in-t**-mi**l* *tt**k*r *oul* s*n* * lon* *rror m*ss*** t**

Reasoning

No *n*lysis *v*il**l*

3.1

Basic Information

Concerned about an active attack path?

CVE-2024-10977: Client use of server error message in PostgreSQL allows a server not trusted under current SSL or...

3.1

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI