PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2012-07-18T23:00:00
Updated: 2024-08-06T18:38:14.829Z
Reserved: 2012-01-19T00:00:00
Link: CVE-2012-0867
Vulnrichment
No data.
NVD
Status : Modified
Published: 2012-07-18T23:55:01.827
Modified: 2024-11-21T01:35:52.483
Link: CVE-2012-0867
Redhat