Unrated severityNVD Advisory· Published Jul 18, 2012· Updated Jun 16, 2026
CVE-2012-0867
CVE-2012-0867
Description
PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
36cpe:2.3:a:postgresql:postgresql:8.4:*:*:*:*:*:*:*+ 21 more
- cpe:2.3:a:postgresql:postgresql:8.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.1.2:*:*:*:*:*:*:*
- (no CPE)range: before 8.4.11, before 9.0.7, before 9.1.3
- cpe:2.3:o:redhat:desktop_workstation:5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:6.2.z:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- osv-coords3 versionspkg:rpm/opensuse/postgresql93&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/postgresql94&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/postgresql95&distro=openSUSE%20Tumbleweed
< 9.3.15-1.1+ 2 more
- (no CPE)range: < 9.3.15-1.1
- (no CPE)range: < 9.4.10-1.1
- (no CPE)range: < 9.5.4-1.2
Patches
Vulnerability mechanics
References
9- lists.opensuse.org/opensuse-updates/2012-09/msg00060.htmlnvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2012-0678.htmlnvdThird Party Advisory
- www.debian.org/security/2012/dsa-2418nvdThird Party Advisory
- www.postgresql.org/about/news/1377/nvdVendor Advisory
- www.postgresql.org/docs/8.4/static/release-8-4-11.htmlnvdRelease NotesVendor Advisory
- www.postgresql.org/docs/9.0/static/release-9-0-7.htmlnvdRelease NotesVendor Advisory
- www.postgresql.org/docs/9.1/static/release-9-1-3.htmlnvdRelease NotesVendor Advisory
- www.mandriva.com/security/advisoriesnvdBroken Link
- secunia.com/advisories/49273nvd
News mentions
0No linked articles in our index yet.