CVE-2021-23214

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-23214
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-23214.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-23214
Aliases
Downstream
Related
Published
2022-03-04T16:15:08.293Z
Modified
2026-02-20T02:31:58.920159Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.

References

Affected packages

Git / github.com/postgres/postgres

Affected ranges

Type
GIT
Repo
https://github.com/postgres/postgres
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
a4116b8d5a4f68803452d8f1aa3f74f302049a90
Introduced
19f20081df059fef87e14c8e953669bd173dd7f1
Fixed
7f05af399052dab32c28c253fa891dc1e8b4224b
Introduced
29be9983a64c011eac0b9ee29895cce71e15ea77
Fixed
084346ccee8ead6b387a90cdf6a29036ae9ec77e
Introduced
5df0e99bea1c3e5fbffa7fbd0982da88ea149bb6
Fixed
477008d10fb5a024038ed23f0beba901f1f47ae2
Introduced
ad1f2885b8c82e0c2d56d7974f012cbecce17a17
Fixed
8a94efd9bb71c2d5473836ce4899aedb9b4cfb2e

Affected versions

Other
REL_10_0
REL_10_1
REL_10_10
REL_10_11
REL_10_12
REL_10_13
REL_10_14
REL_10_15
REL_10_16
REL_10_17
REL_10_18
REL_10_2
REL_10_3
REL_10_4
REL_10_5
REL_10_6
REL_10_7
REL_10_8
REL_10_9
REL_11_0
REL_11_1
REL_11_10
REL_11_11
REL_11_12
REL_11_13
REL_11_2
REL_11_3
REL_11_4
REL_11_5
REL_11_6
REL_11_7
REL_11_8
REL_11_9
REL_12_0
REL_12_1
REL_12_2
REL_12_3
REL_12_4
REL_12_5
REL_12_6
REL_12_7
REL_12_8
REL_13_0
REL_13_1
REL_13_2
REL_13_3
REL_13_4

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-23214.json"