CVE-2021-23214

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-23214
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-23214.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-23214
Aliases
Downstream
Related
Published
2022-03-04T16:15:08Z
Modified
2025-10-13T10:41:42.072599Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.

References

Affected packages

Git / github.com/postgres/postgres

Affected ranges

Type
GIT
Repo
https://github.com/postgres/postgres
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
28e24125541545483093819efae9bca603441951

Affected versions

Other

PG95-1_01
REL6_1
REL6_1_1
REL6_2
REL6_2_1
REL6_3
REL6_3_2
REL6_5
REL7_0
REL7_1
REL7_1_BETA
REL7_1_BETA2
REL7_1_BETA3
REL7_2
REL7_2_BETA1
REL7_2_BETA2
REL7_2_BETA3
REL7_2_BETA4
REL7_2_BETA5
REL7_2_RC1
REL7_2_RC2
REL7_4_BETA1
REL7_4_BETA2
REL7_4_BETA3
REL7_4_BETA4
REL7_4_BETA5
REL7_4_RC1
REL8_0_0
REL8_0_0BETA1
REL8_0_0BETA2
REL8_0_0BETA3
REL8_0_0BETA4
REL8_0_0BETA5
REL8_0_0RC1
REL8_0_0RC2
REL8_0_0RC3
REL8_0_0RC4
REL8_0_0RC5
REL8_1_0
REL8_1_0BETA1
REL8_1_0BETA2
REL8_1_0BETA3
REL8_1_0BETA4
REL8_1_0RC1
REL8_2_0
REL8_2_BETA1
REL8_2_BETA2
REL8_2_BETA3
REL8_2_RC1
REL8_3_0
REL8_3_BETA1
REL8_3_BETA2
REL8_3_BETA3
REL8_3_BETA4
REL8_3_RC1
REL8_3_RC2
REL8_4_0
REL8_4_BETA1
REL8_4_BETA2
REL8_4_RC1
REL8_4_RC2
REL9_0_ALPHA5
REL9_0_BETA1
REL9_0_BETA2
REL9_0_BETA3
REL9_1_ALPHA1
REL9_1_ALPHA2
REL9_1_ALPHA3
REL9_1_ALPHA4
REL9_1_ALPHA5
REL9_1_BETA1
REL9_1_BETA2
REL9_2_BETA1
REL9_2_BETA2
REL9_3_BETA1
REL9_4_BETA1
REL9_5_ALPHA1
REL9_6_BETA1
REL9_6_BETA2
REL9_6_BETA3
REL9_6_BETA4
REL_10_BETA1
REL_10_BETA2
REL_10_BETA3
REL_11_BETA1
REL_11_BETA2
REL_12_BETA1
REL_12_BETA2
REL_13_BETA1
REL_14_BETA1
REL_14_BETA2
Release_1_0_2
Release_2_0
Release_2_0_0
release-6-3

Database specific 

{
    "vanir_signatures": [
        {
            "deprecated": false,
            "id": "CVE-2021-23214-105eea8c",
            "signature_version": "v1",
            "digest": {
                "length": 6502.0,
                "function_hash": "3811890202093623500044753568135729362"
            },
            "signature_type": "Function",
            "target": {
                "function": "ProcessStartupPacket",
                "file": "src/backend/postmaster/postmaster.c"
            },
            "source": "https://github.com/postgres/postgres/commit/28e24125541545483093819efae9bca603441951"
        },
        {
            "deprecated": false,
            "id": "CVE-2021-23214-55642aa1",
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "144879391767781558536346253203041229101",
                    "143909272608489929547646403088676984859",
                    "165740410277193971204068639552488249268",
                    "152409958841785490640372562688845117313",
                    "234706297917235548429385406617794107408",
                    "11828208314494370596831837586978750783"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "target": {
                "file": "src/backend/postmaster/postmaster.c"
            },
            "source": "https://github.com/postgres/postgres/commit/28e24125541545483093819efae9bca603441951"
        },
        {
            "deprecated": false,
            "id": "CVE-2021-23214-a802c310",
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "257279594944366299067624145088475835974",
                    "188038483610294623053840785400255306180",
                    "333524964208957746553278214859551397688"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "target": {
                "file": "src/backend/libpq/pqcomm.c"
            },
            "source": "https://github.com/postgres/postgres/commit/28e24125541545483093819efae9bca603441951"
        },
        {
            "deprecated": false,
            "id": "CVE-2021-23214-ee44c440",
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "269875017630651410691849837907292701499",
                    "126933090860823315927436042326420265172",
                    "127112800835486014972045098290616986500",
                    "168426345693575339352762023412076698426"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "target": {
                "file": "src/include/libpq/libpq.h"
            },
            "source": "https://github.com/postgres/postgres/commit/28e24125541545483093819efae9bca603441951"
        }
    ]
}