VYPR
Critical severity9.8NVD Advisory· Published Jul 4, 2017· Updated Jun 17, 2026

CVE-2017-10804

CVE-2017-10804

Description

In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, remote attackers can bypass authentication under certain circumstances because parameters containing 0x00 characters are truncated before reaching the database layer. This occurs because Psycopg 2.x before 2.6.3 is used.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

8
  • Odcms/Odoo5 versions
    cpe:2.3:a:odoo:odoo:10.0:*:*:*:community:*:*:*+ 4 more
    • cpe:2.3:a:odoo:odoo:10.0:*:*:*:community:*:*:*
    • cpe:2.3:a:odoo:odoo:10.0:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:odoo:odoo:8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:odoo:odoo:9.0:*:*:*:community:*:*:*
    • cpe:2.3:a:odoo:odoo:9.0:*:*:*:enterprise:*:*:*
  • Psycopg/psycopg2llm-fuzzy
    Range: <2.6.3

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.