PostgreSQL CVE-2017-7485 Arbitrary Code Execution Vulnerability

description-logoDescription

It was discovered that the PostgreSQL client library (libpq) did not enforce the use of TLS/SSL for a connection to a PostgreSQL server when the PGREQUIRESSL environment variable was set. An man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server.

affected-products-logoAffected Applications

PostgreSQL

CVE References

CVE-2017-7485