How severe is CVE-2024-10977?

This vulnerability has a severity rating of LOW with a CVSS score of 3.7 out of 10.

What type of vulnerability is CVE-2024-10977?

This is classified as CWE-348, which is a common weakness in software security.

CVE-2024-10977 - LOW Severity | CVSS 3.7

Vulnerability Description

Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results. This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.

Related Vulnerabilities

CVE-2025-24856

MEDIUM

CVSS:4.2(Medium)

An issue was discovered in the oidc (aka OpenID Connect Authentication) extension before 4.0.0 for TYPO3. The account linking logic allows a pre-hijacking attack, leading to Account Takeover. The atta...

CWE-3482025

CVE-2022-44593

MEDIUM

CVSS:5.3(Medium)

Use of Less Trusted Source vulnerability in SolidWP Solid Security allows HTTP DoS.This issue affects Solid Security: from n/a through 9.3.1.

CWE-3482022

CVE-2022-4529

MEDIUM

CVSS:5.3(Medium)

The Security, Antivirus, Firewall – S.A.F plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.3.5. This is due to insufficient restrictions on where the IP Ad...

CWE-3482022

CVE-2022-4533

MEDIUM

CVSS:5.3(Medium)

The Limit Login Attempts Plus plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.1.0. This is due to insufficient restrictions on where the IP Address inform...

CWE-3482022

CVE-2022-4534

MEDIUM

CVSS:5.3(Medium)

The Limit Login Attempts (Spam Protection) plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 5.3. This is due to insufficient restrictions on where the IP Add...

CWE-3482022

CVE-2022-4536

MEDIUM

CVSS:5.3(Medium)

The IP Vault – WP Firewall plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.1. This is due to insufficient restrictions on where the IP Address information...

CWE-3482022