CVE-2021-23214

Source
https://cve.org/CVERecord?id=CVE-2021-23214
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-23214.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-23214
Aliases
Downstream
Related
Published
2022-03-04T16:15:08.293Z
Modified
2026-05-07T08:31:48.323972Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

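When the PostgreSQL server is configured to use trust authentication with a clientcert requirement, or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. The version events extracted for this record list 9.6.24, 10.19, 11.14, 12.9 and 13.5 as the fixed releases of their branches, and 14.0 as last affected. The Git range further down records no fixed commit, so judge exposure by comparing the running server version against those releases rather than by the tag list alone.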

Database specific
{
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "fixed": "9.6.24"
                },
                {
                    "introduced": "10.0"
                },
                {
                    "fixed": "10.19"
                },
                {
                    "introduced": "11.0"
                },
                {
                    "fixed": "11.14"
                },
                {
                    "introduced": "12.0"
                },
                {
                    "fixed": "12.9"
                },
                {
                    "introduced": "13.0"
                },
                {
                    "fixed": "13.5"
                }
            ],
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "14.0"
                }
            ],
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:postgresql:postgresql:14.0:*:*:*:*:*:*:*"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "1.0"
                }
            ],
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "34"
                }
            ],
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "35"
                }
            ],
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "8.0"
                }
            ],
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "8.0"
                }
            ],
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "8.0"
                }
            ],
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*"
        }
    ]
}
References

Affected packages

Git / github.com/postgres/postgres

Affected ranges

Type
GIT
Repo
https://github.com/postgres/postgres
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "REFERENCES"
}

Affected versions

Other
PG95-1_01
REL6_1
REL6_1_1
REL6_2
REL6_2_1
REL6_3
REL6_3_2
REL6_5
REL7_0
REL7_1
REL7_1_BETA
REL7_1_BETA2
REL7_1_BETA3
REL7_2
REL7_2_BETA1
REL7_2_BETA2
REL7_2_BETA3
REL7_2_BETA4
REL7_2_BETA5
REL7_2_RC1
REL7_2_RC2
REL7_4_BETA1
REL7_4_BETA2
REL7_4_BETA3
REL7_4_BETA4
REL7_4_BETA5
REL7_4_RC1
REL8_0_0
REL8_0_0BETA1
REL8_0_0BETA2
REL8_0_0BETA3
REL8_0_0BETA4
REL8_0_0BETA5
REL8_0_0RC1
REL8_0_0RC2
REL8_0_0RC3
REL8_0_0RC4
REL8_0_0RC5
REL8_1_0
REL8_1_0BETA1
REL8_1_0BETA2
REL8_1_0BETA3
REL8_1_0BETA4
REL8_1_0RC1
REL8_2_0
REL8_2_BETA1
REL8_2_BETA2
REL8_2_BETA3
REL8_2_RC1
REL8_3_0
REL8_3_BETA1
REL8_3_BETA2
REL8_3_BETA3
REL8_3_BETA4
REL8_3_RC1
REL8_3_RC2
REL8_4_0
REL8_4_BETA1
REL8_4_BETA2
REL8_4_RC1
REL8_4_RC2
REL9_0_ALPHA5
REL9_0_BETA1
REL9_0_BETA2
REL9_0_BETA3
REL9_1_ALPHA1
REL9_1_ALPHA2
REL9_1_ALPHA3
REL9_1_ALPHA4
REL9_1_ALPHA5
REL9_1_BETA1
REL9_1_BETA2
REL9_2_BETA1
REL9_2_BETA2
REL9_3_BETA1
REL9_4_BETA1
REL9_5_ALPHA1
REL9_6_BETA1
REL9_6_BETA2
REL9_6_BETA3
REL9_6_BETA4
REL_10_BETA1
REL_10_BETA2
REL_10_BETA3
REL_11_BETA1
REL_11_BETA2
REL_12_BETA1
REL_12_BETA2
REL_13_BETA1
REL_14_BETA1
REL_14_BETA2
Release_1_0_2
Release_2_0
Release_2_0_0
release-6-3

Database specific

vanir_signatures_modified
"2026-05-07T08:31:48Z"
vanir_signatures
[
    {
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2021-23214-105eea8c",
        "signature_version": "v1",
        "digest": {
            "function_hash": "3811890202093623500044753568135729362",
            "length": 6502.0
        },
        "source": "https://github.com/postgres/postgres/commit/28e24125541545483093819efae9bca603441951",
        "target": {
            "file": "src/backend/postmaster/postmaster.c",
            "function": "ProcessStartupPacket"
        }
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2021-23214-55642aa1",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "144879391767781558536346253203041229101",
                "143909272608489929547646403088676984859",
                "165740410277193971204068639552488249268",
                "152409958841785490640372562688845117313",
                "234706297917235548429385406617794107408",
                "11828208314494370596831837586978750783"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/postgres/postgres/commit/28e24125541545483093819efae9bca603441951",
        "target": {
            "file": "src/backend/postmaster/postmaster.c"
        }
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2021-23214-a802c310",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "257279594944366299067624145088475835974",
                "188038483610294623053840785400255306180",
                "333524964208957746553278214859551397688"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/postgres/postgres/commit/28e24125541545483093819efae9bca603441951",
        "target": {
            "file": "src/backend/libpq/pqcomm.c"
        }
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2021-23214-ee44c440",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "269875017630651410691849837907292701499",
                "126933090860823315927436042326420265172",
                "127112800835486014972045098290616986500",
                "168426345693575339352762023412076698426"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/postgres/postgres/commit/28e24125541545483093819efae9bca603441951",
        "target": {
            "file": "src/include/libpq/libpq.h"
        }
    }
]
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-23214.json"