CVE-2023-31136

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-31136
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-31136.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-31136
Aliases
Related
Published
2023-05-09T13:37:38Z
Modified
2025-11-07T11:49:13.573922Z
Severity
  • 3.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
PostgresNIO processes unencrypted bytes from man-in-the-middle
Details

PostgresNIO is a Swift client for PostgreSQL. Any user of PostgresNIO prior to version 1.14.2 connecting to servers with TLS enabled is vulnerable to a man-in-the-middle attacker injecting false responses to the client's first few queries, despite the use of TLS certificate verification and encryption. The vulnerability is addressed in PostgresNIO versions starting from 1.14.2. There are no known workarounds for unpatched users.

Database specific
{
    "cwe_ids": [
        "CWE-522"
    ]
}
References

Affected packages

Git / github.com/apple/swift-nio

Affected ranges

Type
GIT
Repo
https://github.com/apple/swift-nio
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.14.2"
        }
    ]
}

Affected versions

1.*

1.0.0
1.1.0
1.10.0
1.11.0
1.12.0
1.12.1
1.13.0
1.13.1
1.13.2
1.14.0
1.14.1
1.2.0
1.2.1
1.3.0
1.3.1
1.4.0
1.4.1
1.4.2
1.5.0
1.5.1
1.6.0
1.6.1
1.7.0
1.7.1
1.7.2
1.8.0
1.9.0

Database specific

vanir_signatures

[
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": []
        },
        "source": "https://github.com/apple/swift-nio/commit/8da5c5a4e6c5084c296b9f39dc54f00be146e0fa",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "id": "CVE-2023-31136-81311dde",
        "target": {
            "file": "Sources/CNIOHTTPParser/c_nio_http_parser.c"
        }
    },
    {
        "digest": {
            "length": 346.0,
            "function_hash": "247123974598638589247157979587743745938"
        },
        "source": "https://github.com/apple/swift-nio/commit/8da5c5a4e6c5084c296b9f39dc54f00be146e0fa",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "id": "CVE-2023-31136-9d8b7563",
        "target": {
            "file": "Sources/CNIOHTTPParser/c_nio_http_parser.c",
            "function": "c_nio_http_message_needs_eof"
        }
    },
    {
        "digest": {
            "length": 1930.0,
            "function_hash": "36244981047383295362103003427481551934"
        },
        "source": "https://github.com/apple/swift-nio/commit/8da5c5a4e6c5084c296b9f39dc54f00be146e0fa",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "id": "CVE-2023-31136-a204df16",
        "target": {
            "file": "Sources/CNIOHTTPParser/c_nio_http_parser.c",
            "function": "c_nio_http_parser_parse_url"
        }
    },
    {
        "digest": {
            "length": 25180.0,
            "function_hash": "120707344560792038355562918175063855719"
        },
        "source": "https://github.com/apple/swift-nio/commit/8da5c5a4e6c5084c296b9f39dc54f00be146e0fa",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "id": "CVE-2023-31136-a9b711ec",
        "target": {
            "file": "Sources/CNIOHTTPParser/c_nio_http_parser.c",
            "function": "c_nio_http_parser_execute"
        }
    },
    {
        "digest": {
            "length": 1798.0,
            "function_hash": "231343274068935318289014364523424123662"
        },
        "source": "https://github.com/apple/swift-nio/commit/8da5c5a4e6c5084c296b9f39dc54f00be146e0fa",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "id": "CVE-2023-31136-b1a0ce5c",
        "target": {
            "file": "Sources/CNIOHTTPParser/c_nio_http_parser.c",
            "function": "http_parse_host"
        }
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": []
        },
        "source": "https://github.com/apple/swift-nio/commit/8da5c5a4e6c5084c296b9f39dc54f00be146e0fa",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "id": "CVE-2023-31136-c7d89168",
        "target": {
            "file": "Sources/CNIOHTTPParser/include/c_nio_http_parser.h"
        }
    }
]

Git / github.com/vapor/postgres-nio

Affected ranges

Type
GIT
Repo
https://github.com/vapor/postgres-nio
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

1.*

1.0.0
1.0.0-alpha.1
1.0.0-alpha.1.1
1.0.0-alpha.1.2
1.0.0-alpha.1.3
1.0.0-alpha.1.4
1.0.0-alpha.1.5
1.0.0-alpha.1.6
1.0.0-beta.2
1.0.0-beta.2.1
1.0.0-beta.2.10
1.0.0-beta.2.2
1.0.0-beta.2.3
1.0.0-beta.2.4
1.0.0-beta.2.5
1.0.0-beta.2.6
1.0.0-beta.2.7
1.0.0-beta.2.8
1.0.0-beta.2.9
1.0.0-rc.1
1.0.0-rc.1.1
1.0.0-rc.1.2
1.0.0-rc.2
1.0.1
1.1.0
1.1.1
1.10.0
1.11.0
1.11.1
1.12.0
1.12.1
1.13.0
1.14.0
1.14.1
1.2.0
1.2.1
1.2.2
1.3.0
1.3.1
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.5.0
1.5.1
1.5.2
1.6.0
1.6.1
1.6.2
1.6.3
1.6.4
1.6.5
1.7.0
1.7.1
1.7.2
1.8.0
1.9.0