In this episode we'll explore a bug in postgres.

🐶 Snyk is free forever. Sign up with my link https://snyk.co/pwnfunction

🐤 X: https://twitter.com/PwnFunction

Szymon Omieciński

HTMX

Community Picks is a section on daily.dev where our community members share the most interesting and valuable content they've discovered online. From insightful articles to handy tools, every post is a gem curated by our dedicated coomunity. To contribute to Community Picks, you need to have at least 250 reputation points, ensuring that only active and trusted members can share their finds.

Community Picks

In December 2024, state-sponsored Chinese hackers breached the US Treasury by exploiting a fundamental flaw in the PostgreSQL database via a remote support software, Beyond Trust. The vulnerability involved misinterpreting a special two-byte sequence that allowed harmful SQL injection, despite following security protocols. The flaw, discovered by researchers at Rapid7, was later patched by both Beyond Trust and PostgreSQL, highlighting the importance of constantly reviewing security measures.

2 Bytes Was Enough To Breach The US Treasury