The SentinelOne Annual Threat Report - A Defenders Guide from the FrontlinesThe SentinelOne Annual Threat ReportGet the Report
Experiencing a Breach?Blog
Get StartedContact Us
SentinelOne
  • Platform
    Platform Overview
    • Singularity Platform
      Welcome to Integrated Enterprise Security
    • AI for Security
      Leading the Way in AI-Powered Security Solutions
    • Securing AI
      Accelerate AI Adoption with Secure AI Tools, Apps, and Agents.
    • How It Works
      The Singularity XDR Difference
    • Singularity Marketplace
      One-Click Integrations to Unlock the Power of XDR
    • Pricing & Packaging
      Comparisons and Guidance at a Glance
    Data & AI
    • Purple AI
      Accelerate SecOps with Generative AI
    • Singularity Hyperautomation
      Easily Automate Security Processes
    • AI-SIEM
      The AI SIEM for the Autonomous SOC
    • Singularity Data Lake
      AI-Powered, Unified Data Lake
    • Singularity Data Lake for Log Analytics
      Seamlessly Ingest Data from On-Prem, Cloud or Hybrid Environments
    Endpoint Security
    • Singularity Endpoint
      Autonomous Prevention, Detection, and Response
    • Singularity XDR
      Native & Open Protection, Detection, and Response
    • Singularity RemoteOps Forensics
      Orchestrate Forensics at Scale
    • Singularity Threat Intelligence
      Comprehensive Adversary Intelligence
    • Singularity Vulnerability Management
      Application & OS Vulnerability Management
    • Singularity Identity
      Identity Threat Detection and Response
    Cloud Security
    • Singularity Cloud Security
      Block Attacks with an AI-Powered CNAPP
    • Singularity Cloud Native Security
      Secure Cloud and Development Resources
    • Singularity Cloud Workload Security
      Real-Time Cloud Workload Protection Platform
    • Singularity Cloud Data Security
      AI-Powered Threat Detection for Cloud Storage
    • Singularity Cloud Security Posture Management
      Detect and Remediate Cloud Misconfigurations
    Securing AI
    • Prompt Security
      Secure AI Tools Across Your Enterprise
  • Why SentinelOne?
    Why SentinelOne?
    • Why SentinelOne?
      Cybersecurity Built for What’s Next
    • Our Customers
      Trusted by the World’s Leading Enterprises
    • Industry Recognition
      Tested and Proven by the Experts
    • About Us
      The Industry Leader in Autonomous Cybersecurity
    Compare SentinelOne
    • Arctic Wolf
    • Broadcom
    • CrowdStrike
    • Cybereason
    • Microsoft
    • Palo Alto Networks
    • Sophos
    • Splunk
    • Trellix
    • Trend Micro
    • Wiz
    Verticals
    • Energy
    • Federal Government
    • Finance
    • Healthcare
    • Higher Education
    • K-12 Education
    • Manufacturing
    • Retail
    • State and Local Government
  • Services
    Managed Services
    • Managed Services Overview
      Wayfinder Threat Detection & Response
    • Threat Hunting
      World-Class Expertise and Threat Intelligence
    • Managed Detection & Response
      24/7/365 Expert MDR Across Your Entire Environment
    • Incident Readiness & Response
      DFIR, Breach Readiness, & Compromise Assessments
    Support, Deployment, & Health
    • Technical Account Management
      Customer Success with Personalized Service
    • SentinelOne GO
      Guided Onboarding & Deployment Advisory
    • SentinelOne University
      Live and On-Demand Training
    • Services Overview
      Comprehensive Solutions for Seamless Security Operations
    • SentinelOne Community
      Community Login
  • Partners
    Our Network
    • MSSP Partners
      Succeed Faster with SentinelOne
    • Singularity Marketplace
      Extend the Power of S1 Technology
    • Cyber Risk Partners
      Enlist Pro Response and Advisory Teams
    • Technology Alliances
      Integrated, Enterprise-Scale Solutions
    • SentinelOne for AWS
      Hosted in AWS Regions Around the World
    • Channel Partners
      Deliver the Right Solutions, Together
    • SentinelOne for Google Cloud
      Unified, Autonomous Security Giving Defenders the Advantage at Global Scale
    • Partner Locator
      Your Go-to Source for Our Top Partners in Your Region
    Partner Portal→
  • Resources
    Resource Center
    • Case Studies
    • Data Sheets
    • eBooks
    • Reports
    • Videos
    • Webinars
    • Whitepapers
    • Events
    View All Resources→
    Blog
    • Feature Spotlight
    • For CISO/CIO
    • From the Front Lines
    • Identity
    • Cloud
    • macOS
    • SentinelOne Blog
    Blog→
    Tech Resources
    • SentinelLABS
    • Ransomware Anthology
    • Cybersecurity 101
  • About
    About SentinelOne
    • About SentinelOne
      The Industry Leader in Cybersecurity
    • Investor Relations
      Financial Information & Events
    • SentinelLABS
      Threat Research for the Modern Threat Hunter
    • Careers
      The Latest Job Opportunities
    • Press & News
      Company Announcements
    • Cybersecurity Blog
      The Latest Cybersecurity Threats, News, & More
    • FAQ
      Get Answers to Our Most Frequently Asked Questions
    • DataSet
      The Live Data Platform
    • S Foundation
      Securing a Safer Future for All
    • S Ventures
      Investing in the Next Generation of Security, Data and AI
  • Pricing
Get StartedContact Us
CVE Vulnerability Database
Vulnerability Database/CVE-2024-10977

CVE-2024-10977: PostgreSQL Information Disclosure Flaw

CVE-2024-10977 is an information disclosure vulnerability in PostgreSQL that allows untrusted servers to send arbitrary error messages to clients, potentially misleading users. This article covers technical details, affected versions, and mitigation strategies.

Updated: January 22, 2026

CVE-2024-10977 Overview

CVE-2024-10977 is an information disclosure vulnerability affecting the PostgreSQL libpq client library. The vulnerability allows a server that is not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application through error messages. This enables man-in-the-middle attackers to send crafted long error messages that users of psql or screen-scraper applications may mistake for valid query results, potentially leading to information confusion and deception.

Critical Impact

Attackers in a man-in-the-middle position can inject misleading content into PostgreSQL client sessions by spoofing error messages, potentially causing users to misinterpret malicious data as legitimate query results.

Affected Products

  • PostgreSQL versions before 17.1
  • PostgreSQL versions before 16.5
  • PostgreSQL versions before 15.9
  • PostgreSQL versions before 14.14
  • PostgreSQL versions before 13.17
  • PostgreSQL versions before 12.21
  • PostgreSQL 17.0 (including beta and RC releases)

Discovery Timeline

  • 2024-11-14 - CVE-2024-10977 published to NVD
  • 2025-11-03 - Last updated in NVD database

Technical Details for CVE-2024-10977

Vulnerability Analysis

This vulnerability exists in the PostgreSQL libpq client library's handling of server error messages. When a client establishes a connection to a PostgreSQL server, the library processes error messages returned by the server without adequate validation of the message source's trustworthiness. In scenarios where SSL or GSS security settings are not properly enforced, an untrusted server (or an attacker impersonating a legitimate server) can send arbitrary content embedded within error messages.

The impact is primarily relevant to command-line tools like psql and automated screen-scraping applications where the boundary between error messages and legitimate query output may not be clearly delineated in the user interface. Client applications with unambiguous UI indicators separating error messages from query results are less affected by this vulnerability.

Root Cause

The root cause stems from insufficient source verification (CWE-348: Use of Less Trusted Source) and improper verification of message authenticity (CWE-345: Insufficient Verification of Data Authenticity). The libpq library accepts and displays error messages from servers without adequately verifying that the server is trusted under the current security configuration. This allows untrusted entities to inject arbitrary content into the client's display output through the error message channel.

Attack Vector

The attack requires a network-based man-in-the-middle position between the PostgreSQL client and the intended server. The attacker intercepts the connection attempt and responds with crafted error messages containing arbitrary content designed to mimic valid query results.

The attack scenario involves:

  1. The attacker positions themselves to intercept network traffic between a PostgreSQL client and server
  2. When the client initiates a connection, the attacker responds as a rogue server
  3. The attacker sends specially crafted error messages containing content that resembles legitimate query output
  4. Users viewing the output in psql or screen-scraping tools may interpret the malicious content as valid data

This attack is particularly effective against environments where SSL certificate validation is not strictly enforced or where GSS authentication is misconfigured.

Detection Methods for CVE-2024-10977

Indicators of Compromise

  • Unusual or unexpectedly long error messages from PostgreSQL servers
  • Error messages containing content that resembles valid query result formatting
  • Network traffic anomalies indicating potential man-in-the-middle interception on PostgreSQL connections (default port 5432)
  • SSL/TLS certificate warnings or unexpected certificate changes for database connections

Detection Strategies

  • Monitor network traffic for signs of connection interception or rogue server responses on PostgreSQL ports
  • Implement strict SSL certificate validation and alert on certificate mismatches or untrusted certificates
  • Review client application logs for unusual error message patterns or unexpected content in error outputs
  • Deploy network intrusion detection systems (NIDS) to identify potential MITM attack patterns

Monitoring Recommendations

  • Enable comprehensive logging on PostgreSQL client connections including SSL/GSS negotiation events
  • Implement network-level monitoring for anomalous PostgreSQL protocol traffic
  • Configure alerts for SSL certificate validation failures in database connection attempts
  • Regularly audit client-side configuration to ensure proper security settings are enforced

How to Mitigate CVE-2024-10977

Immediate Actions Required

  • Upgrade PostgreSQL to patched versions: 17.1, 16.5, 15.9, 14.14, 13.17, or 12.21
  • Enforce strict SSL verification mode (sslmode=verify-full) for all PostgreSQL client connections
  • Ensure proper GSS authentication configuration where applicable
  • Review and harden network security to prevent man-in-the-middle positioning

Patch Information

PostgreSQL has released security updates addressing this vulnerability. Organizations should upgrade to the following fixed versions based on their current major version:

Current VersionUpgrade To
PostgreSQL 17.x17.1 or later
PostgreSQL 16.x16.5 or later
PostgreSQL 15.x15.9 or later
PostgreSQL 14.x14.14 or later
PostgreSQL 13.x13.17 or later
PostgreSQL 12.x12.21 or later

For detailed patch information, refer to the PostgreSQL Security Advisory and the Debian LTS Announcement.

Workarounds

  • Configure sslmode=verify-full in libpq connection strings to enforce strict SSL certificate validation
  • Use client applications that clearly delineate error messages from query results in the user interface
  • Implement network segmentation to reduce exposure to man-in-the-middle attacks
  • Deploy TLS inspection at network boundaries to detect rogue server certificates
bash
# Configuration example - enforce strict SSL in libpq connection
# Set environment variable for all PostgreSQL client connections
export PGSSLMODE=verify-full
export PGSSLROOTCERT=/path/to/root/ca/certificate.crt

# Or specify in connection string
psql "host=db.example.com dbname=mydb sslmode=verify-full sslrootcert=/path/to/ca.crt"

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

  • Vulnerability Details
  • TypeInformation Disclosure
  • Vendor/TechPostgresql
  • SeverityLOW
  • CVSS Score3.7
  • EPSS Probability0.38%
  • Known ExploitedNo
  • CVSS Vector
  • CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
  • Impact Assessment
  • ConfidentialityHigh
  • IntegrityNone
  • AvailabilityNone
  • CWE References
  • CWE-348
  • CWE-345
  • Technical References
  • Debian LTS Announcement
  • Vendor Resources
  • PostgreSQL Security Advisory
  • Related CVEs
  • CVE-2026-2003: PostgreSQL Information Disclosure Flaw
  • CVE-2023-5868: PostgreSQL Information Disclosure Flaw
  • CVE-2024-4317: PostgreSQL Information Disclosure Flaw
  • CVE-2021-32029: PostgreSQL Information Disclosure Flaw
Experience the World’s Most Advanced Cybersecurity Platform

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform can protect your organization now and into the future.

Try SentinelOne
  • Get Started
  • Get a Demo
  • Product Tour
  • Why SentinelOne
  • Pricing & Packaging
  • FAQ
  • Contact
  • Contact Us
  • Customer Support
  • SentinelOne Status
  • Language
  • Platform
  • Singularity Platform
  • Singularity Endpoint
  • Singularity Cloud
  • Singularity AI-SIEM
  • Singularity Identity
  • Singularity Marketplace
  • Purple AI
  • Services
  • Wayfinder TDR
  • SentinelOne GO
  • Technical Account Management
  • Support Services
  • Verticals
  • Energy
  • Federal Government
  • Finance
  • Healthcare
  • Higher Education
  • K-12 Education
  • Manufacturing
  • Retail
  • State and Local Government
  • Cybersecurity for SMB
  • Resources
  • Blog
  • Labs
  • Case Studies
  • Videos
  • Product Tours
  • Events
  • Cybersecurity 101
  • eBooks
  • Webinars
  • Whitepapers
  • Press
  • News
  • Ransomware Anthology
  • Company
  • About Us
  • Our Customers
  • Careers
  • Partners
  • Legal & Compliance
  • Security & Compliance
  • Investor Relations
  • S Foundation
  • S Ventures

©2026 SentinelOne, All Rights Reserved.

Privacy Notice Terms of Use

English