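A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption. The signatures in this record point to the PostgreSQL client library libpq (`PQconnectPoll` in `src/interfaces/libpq/fe-connect.c`). The version ranges below list fixes in 9.6.24, 10.19, 11.14, 12.9 and 13.5, with 14.0 as the last affected release.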
{
"versions": [
{
"introduced": "9.6"
},
{
"fixed": "9.6.24"
},
{
"introduced": "10.0"
},
{
"fixed": "10.19"
},
{
"introduced": "11.0"
},
{
"fixed": "11.14"
},
{
"introduced": "12.0"
},
{
"fixed": "12.9"
},
{
"introduced": "13.0"
},
{
"fixed": "13.5"
},
{
"introduced": "0"
},
{
"last_affected": "14.0"
}
]
}
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-23222.json"
[
{
"signature_type": "Line",
"id": "CVE-2021-23222-e1be026c",
"source": "https://github.com/postgres/postgres/commit/160c0258802d10b0600d7671b1bbea55d8e17d45",
"target": {
"file": "src/interfaces/libpq/fe-connect.c"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"10037443517696866748761392046871582022",
"325675312630126864791861414191520860108",
"248756423465337085234785710824740055381",
"219130724463359041405235398817575440371",
"18312600838351471896985731433715124179",
"29813103265162816138856506205737681509",
"248756423465337085234785710824740055381",
"219130724463359041405235398817575440371"
]
}
},
{
"signature_type": "Function",
"id": "CVE-2021-23222-f5ed594b",
"source": "https://github.com/postgres/postgres/commit/160c0258802d10b0600d7671b1bbea55d8e17d45",
"target": {
"function": "PQconnectPoll",
"file": "src/interfaces/libpq/fe-connect.c"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "218920273742902448943626208937972612244",
"length": 22472.0
}
}
]