CVE-2017-10804
N/A
N/A
Summary
In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, remote attackers can bypass authentication under certain circumstances because parameters containing 0x00 characters are truncated before reaching the database layer. This occurs because Psycopg 2.x before 2.6.3 is used.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/odoo/odoo/issues/17914
- http://initd.org/psycopg/docs/news.html#what-s-new-in-psycopg-2-6-3
- https://github.com/psycopg/psycopg2/issues/420
References
- https://github.com/odoo/odoo/issues/17914
- http://initd.org/psycopg/docs/news.html#what-s-new-in-psycopg-2-6-3
- https://github.com/psycopg/psycopg2/issues/420
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.