CVE-2012-0867
Public on 2012-05-23
Modified on 2014-09-14
Description
PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters.
Severity
Low
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | postgresql8 | 2012-05-23 | ALAS-2012-82 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv2 | 3.6 | AV:N/AC:H/Au:S/C:P/I:P/A:N |
| NVD | CVSSv2 | 4.3 | AV:N/AC:M/Au:N/C:N/I:P/A:N |