CVE-2021-23222

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-23222
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-23222.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-23222
Aliases
Downstream
Related
Published
2022-03-02T23:15:08.517Z
Modified
2026-02-05T21:37:42.910781Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption.

References

Affected packages

Git / github.com/postgres/postgres

Affected ranges

Type
GIT
Repo
https://github.com/postgres/postgres
Events
Introduced
29be9983a64c011eac0b9ee29895cce71e15ea77
Fixed
084346ccee8ead6b387a90cdf6a29036ae9ec77e
Fixed
160c0258802d10b0600d7671b1bbea55d8e17d45
Introduced
5df0e99bea1c3e5fbffa7fbd0982da88ea149bb6
Fixed
477008d10fb5a024038ed23f0beba901f1f47ae2
Introduced
19f20081df059fef87e14c8e953669bd173dd7f1
Fixed
7f05af399052dab32c28c253fa891dc1e8b4224b
Introduced
ad1f2885b8c82e0c2d56d7974f012cbecce17a17
Fixed
8a94efd9bb71c2d5473836ce4899aedb9b4cfb2e
Introduced
a721a1ba9cf6c86cb52f1bf325d5a27b64e870d6
Fixed
a4116b8d5a4f68803452d8f1aa3f74f302049a90

Affected versions

Other
REL9_6_0
REL9_6_1
REL9_6_10
REL9_6_11
REL9_6_12
REL9_6_13
REL9_6_14
REL9_6_15
REL9_6_16
REL9_6_17
REL9_6_18
REL9_6_19
REL9_6_2
REL9_6_20
REL9_6_21
REL9_6_22
REL9_6_23
REL9_6_3
REL9_6_4
REL9_6_5
REL9_6_6
REL9_6_7
REL9_6_8
REL9_6_9
REL_10_0
REL_10_1
REL_10_10
REL_10_11
REL_10_12
REL_10_13
REL_10_14
REL_10_15
REL_10_16
REL_10_17
REL_10_18
REL_10_2
REL_10_3
REL_10_4
REL_10_5
REL_10_6
REL_10_7
REL_10_8
REL_10_9
REL_11_0
REL_11_1
REL_11_10
REL_11_11
REL_11_12
REL_11_13
REL_11_2
REL_11_3
REL_11_4
REL_11_5
REL_11_6
REL_11_7
REL_11_8
REL_11_9
REL_12_0
REL_12_1
REL_12_2
REL_12_3
REL_12_4
REL_12_5
REL_12_6
REL_12_7
REL_12_8
REL_13_0
REL_13_1
REL_13_2
REL_13_3
REL_13_4

Database specific

vanir_signatures 
[
    {
        "deprecated": false,
        "source": "https://github.com/postgres/postgres/commit/160c0258802d10b0600d7671b1bbea55d8e17d45",
        "id": "CVE-2021-23222-e1be026c",
        "target": {
            "file": "src/interfaces/libpq/fe-connect.c"
        },
        "digest": {
            "line_hashes": [
                "10037443517696866748761392046871582022",
                "325675312630126864791861414191520860108",
                "248756423465337085234785710824740055381",
                "219130724463359041405235398817575440371",
                "18312600838351471896985731433715124179",
                "29813103265162816138856506205737681509",
                "248756423465337085234785710824740055381",
                "219130724463359041405235398817575440371"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "source": "https://github.com/postgres/postgres/commit/160c0258802d10b0600d7671b1bbea55d8e17d45",
        "id": "CVE-2021-23222-f5ed594b",
        "target": {
            "file": "src/interfaces/libpq/fe-connect.c",
            "function": "PQconnectPoll"
        },
        "digest": {
            "function_hash": "218920273742902448943626208937972612244",
            "length": 22472.0
        },
        "signature_type": "Function",
        "signature_version": "v1"
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-23222.json"