CVE-2012-0867
Description
PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters.
Risk Information
Base Score
9.8
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
2.051
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2012-0866,CVE-2012-0867,CVE-2012-0868 affect PostgreSQL 9.1.2 | Windows |
| Vulnerabilities CVE-2012-0868,CVE-2012-0867,CVE-2012-0866 are fixed in PostgreSQL 9.1.3 | Windows |
| Vulnerabilities CVE-2012-0868,CVE-2012-0867,CVE-2012-0866 are fixed in PostgreSQL 9.0.7 | Windows |
| Vulnerabilities CVE-2012-0868,CVE-2012-0867,CVE-2012-0866 are fixed in PostgreSQL 8.4.11 | Windows |
| Vulnerabilities CVE-2012-0866,CVE-2012-0867,CVE-2012-0868 affect PostgreSQL 9.1.2 (For Linux) | Linux |
| Vulnerabilities CVE-2012-0868,CVE-2012-0867,CVE-2012-0866 are fixed in PostgreSQL 9.1.3 (For Linux) | Linux |
| Vulnerabilities CVE-2012-0868,CVE-2012-0867,CVE-2012-0866 are fixed in PostgreSQL 9.0.7 (For Linux) | Linux |
| Vulnerabilities CVE-2012-0868,CVE-2012-0867,CVE-2012-0866 are fixed in PostgreSQL 8.4.11 (For Linux) | Linux |
| Postgresql-server update (ELSA-2024-10882) postgresql-server-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-pltcl update (ELSA-2024-10882) postgresql-pltcl-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-plpython update (ELSA-2024-10882) postgresql-plpython-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-plperl update (ELSA-2024-10882) postgresql-plperl-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-libs update (ELSA-2024-10882) postgresql-libs-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-libs update (ELSA-2024-10882) postgresql-libs-9.2.24-9.0.3.el7_9.i686.rpm | Linux |
| Postgresql-docs update (ELSA-2024-10882) postgresql-docs-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-devel update (ELSA-2024-10882) postgresql-devel-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-devel update (ELSA-2024-10882) postgresql-devel-9.2.24-9.0.3.el7_9.i686.rpm | Linux |
| Postgresql-contrib update (ELSA-2024-10882) postgresql-contrib-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql update (ELSA-2024-10882) postgresql-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql update (ELSA-2024-10882) postgresql-9.2.24-9.0.3.el7_9.i686.rpm | Linux |
| Postgresql-test update (ELSA-2024-10882) postgresql-test-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234