Description

PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters.

Remediation

References

CVE-2012-0867

Related Vulnerabilities

MySQL Resource Management Errors Vulnerability (CVE-2010-3836)

Internet Information Services Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2010-1899)

Squid Improper Input Validation Vulnerability (CVE-2009-2622)

Oracle Database Server CVE-2020-2515 Vulnerability (CVE-2020-2515)

GlassFish CVE-2017-3249 Vulnerability (CVE-2017-3249)

Severity

Medium

Classification

CVE-2012-0867 CWE-295

Tags

Missing Update Known Vulnerabilities