CVE-2021-23214
- Source
- https://cve.org/CVERecord?id=CVE-2021-23214
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-23214.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-23214
- Aliases
- Downstream
- Related
- Published
- 2022-03-04T16:15:08.293Z
- Modified
- 2026-03-10T23:25:37.580699Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.
- References
-
- https://git.postgresql.org/gitweb/?p=postgresql.git%3Ba=commit%3Bh=28e24125541545483093819efae9bca603441951
- https://security.gentoo.org/glsa/202211-04
- https://www.postgresql.org/support/security/CVE-2021-23214/
- https://github.com/postgres/postgres/commit/28e24125541545483093819efae9bca603441951
- https://bugzilla.redhat.com/show_bug.cgi?id=2022666
Affected packages
Git / github.com/postgres/postgres
Affected ranges
- Type
- GIT
- Repo
- https://github.com/postgres/postgres
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroducedFixedIntroducedFixedIntroducedFixedIntroducedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedFixed
- Database specific
{ "versions": [ { "introduced": "0" }, { "fixed": "9.6.24" }, { "introduced": "10.0" }, { "fixed": "10.19" }, { "introduced": "11.0" }, { "fixed": "11.14" }, { "introduced": "12.0" }, { "fixed": "12.9" }, { "introduced": "13.0" }, { "fixed": "13.5" }, { "introduced": "0" }, { "last_affected": "14.0" }, { "introduced": "0" }, { "last_affected": "1.0" }, { "introduced": "0" }, { "last_affected": "8.0" }, { "introduced": "0" }, { "last_affected": "8.0" }, { "introduced": "0" }, { "last_affected": "8.0" } ] }
Affected versions
Other
REL_10_0
REL_10_1
REL_10_10
REL_10_11
REL_10_12
REL_10_13
REL_10_14
REL_10_15
REL_10_16
REL_10_17
REL_10_18
REL_10_2
REL_10_3
REL_10_4
REL_10_5
REL_10_6
REL_10_7
REL_10_8
REL_10_9
REL_11_0
REL_11_1
REL_11_10
REL_11_11
REL_11_12
REL_11_13
REL_11_2
REL_11_3
REL_11_4
REL_11_5
REL_11_6
REL_11_7
REL_11_8
REL_11_9
REL_12_0
REL_12_1
REL_12_2
REL_12_3
REL_12_4
REL_12_5
REL_12_6
REL_12_7
REL_12_8
REL_13_0
REL_13_1
REL_13_2
REL_13_3
REL_13_4
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-23214.json"
vanir_signatures
[
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "3811890202093623500044753568135729362",
"length": 6502.0
},
"source": "https://github.com/postgres/postgres/commit/28e24125541545483093819efae9bca603441951",
"signature_type": "Function",
"id": "CVE-2021-23214-105eea8c",
"target": {
"file": "src/backend/postmaster/postmaster.c",
"function": "ProcessStartupPacket"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"144879391767781558536346253203041229101",
"143909272608489929547646403088676984859",
"165740410277193971204068639552488249268",
"152409958841785490640372562688845117313",
"234706297917235548429385406617794107408",
"11828208314494370596831837586978750783"
]
},
"source": "https://github.com/postgres/postgres/commit/28e24125541545483093819efae9bca603441951",
"signature_type": "Line",
"id": "CVE-2021-23214-55642aa1",
"target": {
"file": "src/backend/postmaster/postmaster.c"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"257279594944366299067624145088475835974",
"188038483610294623053840785400255306180",
"333524964208957746553278214859551397688"
]
},
"source": "https://github.com/postgres/postgres/commit/28e24125541545483093819efae9bca603441951",
"signature_type": "Line",
"id": "CVE-2021-23214-a802c310",
"target": {
"file": "src/backend/libpq/pqcomm.c"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"269875017630651410691849837907292701499",
"126933090860823315927436042326420265172",
"127112800835486014972045098290616986500",
"168426345693575339352762023412076698426"
]
},
"source": "https://github.com/postgres/postgres/commit/28e24125541545483093819efae9bca603441951",
"signature_type": "Line",
"id": "CVE-2021-23214-ee44c440",
"target": {
"file": "src/include/libpq/libpq.h"
}
}
]
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "34"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "35"
}
]
}
]