CVE-2021-23222

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-23222
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-23222.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-23222
Aliases
Downstream
Related
Published
2022-03-02T23:15:08Z
Modified
2025-10-13T10:41:40.142305Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption.

References

Affected packages

Git / github.com/postgres/postgres

Affected ranges

Type
GIT
Repo
https://github.com/postgres/postgres
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
160c0258802d10b0600d7671b1bbea55d8e17d45

Affected versions

Other

PG95-1_01
REL6_1
REL6_1_1
REL6_2
REL6_2_1
REL6_3
REL6_3_2
REL6_5
REL7_0
REL7_1
REL7_1_BETA
REL7_1_BETA2
REL7_1_BETA3
REL7_2
REL7_2_BETA1
REL7_2_BETA2
REL7_2_BETA3
REL7_2_BETA4
REL7_2_BETA5
REL7_2_RC1
REL7_2_RC2
REL7_4_BETA1
REL7_4_BETA2
REL7_4_BETA3
REL7_4_BETA4
REL7_4_BETA5
REL7_4_RC1
REL8_0_0
REL8_0_0BETA1
REL8_0_0BETA2
REL8_0_0BETA3
REL8_0_0BETA4
REL8_0_0BETA5
REL8_0_0RC1
REL8_0_0RC2
REL8_0_0RC3
REL8_0_0RC4
REL8_0_0RC5
REL8_1_0
REL8_1_0BETA1
REL8_1_0BETA2
REL8_1_0BETA3
REL8_1_0BETA4
REL8_1_0RC1
REL8_2_0
REL8_2_BETA1
REL8_2_BETA2
REL8_2_BETA3
REL8_2_RC1
REL8_3_0
REL8_3_BETA1
REL8_3_BETA2
REL8_3_BETA3
REL8_3_BETA4
REL8_3_RC1
REL8_3_RC2
REL8_4_0
REL8_4_BETA1
REL8_4_BETA2
REL8_4_RC1
REL8_4_RC2
REL9_0_ALPHA5
REL9_0_BETA1
REL9_0_BETA2
REL9_0_BETA3
REL9_1_ALPHA1
REL9_1_ALPHA2
REL9_1_ALPHA3
REL9_1_ALPHA4
REL9_1_ALPHA5
REL9_1_BETA1
REL9_1_BETA2
REL9_2_BETA1
REL9_2_BETA2
REL9_3_BETA1
REL9_4_BETA1
REL9_5_ALPHA1
REL9_6_BETA1
REL9_6_BETA2
REL9_6_BETA3
REL9_6_BETA4
REL_10_BETA1
REL_10_BETA2
REL_10_BETA3
REL_11_BETA1
REL_11_BETA2
REL_12_BETA1
REL_12_BETA2
REL_13_BETA1
REL_14_BETA1
REL_14_BETA2
Release_1_0_2
Release_2_0
Release_2_0_0
release-6-3

Database specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "line_hashes": [
                    "10037443517696866748761392046871582022",
                    "325675312630126864791861414191520860108",
                    "248756423465337085234785710824740055381",
                    "219130724463359041405235398817575440371",
                    "18312600838351471896985731433715124179",
                    "29813103265162816138856506205737681509",
                    "248756423465337085234785710824740055381",
                    "219130724463359041405235398817575440371"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2021-23222-e1be026c",
            "signature_version": "v1",
            "deprecated": false,
            "signature_type": "Line",
            "target": {
                "file": "src/interfaces/libpq/fe-connect.c"
            },
            "source": "https://github.com/postgres/postgres/commit/160c0258802d10b0600d7671b1bbea55d8e17d45"
        },
        {
            "digest": {
                "length": 22472.0,
                "function_hash": "218920273742902448943626208937972612244"
            },
            "id": "CVE-2021-23222-f5ed594b",
            "signature_version": "v1",
            "deprecated": false,
            "signature_type": "Function",
            "target": {
                "function": "PQconnectPoll",
                "file": "src/interfaces/libpq/fe-connect.c"
            },
            "source": "https://github.com/postgres/postgres/commit/160c0258802d10b0600d7671b1bbea55d8e17d45"
        }
    ]
}