← Back

CVE-2012-0867

nvd nist
Published: Jul 18, 2012Modified: Apr 29, 2026

JSON object

Loading...
4.3
Vector
AV:N/AC:M/Au:N/C:N/I:P/A:N
Exploitability: 8.6 / Impact: 2.9
Source: NVD

Description

PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters.

Affected (32)

Show all products
Opensuse Project: Opensuse · Postgresql: Postgresql · Debian: Debian Linux · Redhat: Desktop Workstation, Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Hpc Node, Enterprise Linux Server, Enterprise Linux Server Aus, Enterprise Linux Server Eus, Enterprise Linux Workstation
Opensuse Project
1 product
Opensuse
Postgresql
1 product
Postgresql
Debian
1 product
Debian Linux
Redhat
8 products
Desktop Workstation
Enterprise Linux
Enterprise Linux Desktop
Enterprise Linux Hpc Node
Enterprise Linux Server
Enterprise Linux Server Aus
Enterprise Linux Server Eus
Enterprise Linux Workstation
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Opensuse
Version 12.2
Configuration B
11 vulnerable
Vulnerable SoftwareAffected Versions
Postgresql
Postgresql
Version 8.4.10
Postgresql
Version 8.4.1
Postgresql
Version 8.4.2
Postgresql
Version 8.4.3
Postgresql
Version 8.4.4
Postgresql
Version 8.4.5
Postgresql
Version 8.4.6
Postgresql
Version 8.4.7
Postgresql
Version 8.4.8
Postgresql
Version 8.4.9
Postgresql
Version 8.4
Configuration C
7 vulnerable
Vulnerable SoftwareAffected Versions
Postgresql
Postgresql
Version 9.0.1
Postgresql
Version 9.0.2
Postgresql
Version 9.0.3
Postgresql
Version 9.0.4
Postgresql
Version 9.0.5
Postgresql
Version 9.0.6
Postgresql
Version 9.0
Configuration D
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 6.0
Configuration E
9 vulnerable
Vulnerable SoftwareAffected Versions
Desktop Workstation
Version 5
Enterprise Linux
Version 5.0
Redhat
Enterprise Linux Desktop
Version 5.0
Enterprise Linux Desktop
Version 6.0
Enterprise Linux Hpc Node
Version 6.0
Enterprise Linux Server
Version 6.0
Enterprise Linux Server Aus
Version 6.2
Enterprise Linux Server Eus
Version 6.2.z
Enterprise Linux Workstation
Version 6.0
Configuration F
3 vulnerable
Vulnerable SoftwareAffected Versions
Postgresql
Postgresql
Version 9.1.1
Postgresql
Version 9.1.2
Postgresql
Version 9.1

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-295
Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.

References (18)

Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Broken Link
Source: secalert@redhat.com
Vendor Advisory
Source: secalert@redhat.com
Release NotesVendor Advisory
Source: secalert@redhat.com
Release NotesVendor Advisory
Source: secalert@redhat.com
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory

Timeline

No history available yet.