CVE-2021-23222

Published: Mar 2, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption.

Vendor	Product	Versions
n/a	postgresql	affected `Affects v9.6 to v14`

Weaknesses (CWE)

CWE-522

References

https://bugzilla.redhat.com/show_bug.cgi?id=2022675

https://www.postgresql.org/support/security/CVE-2021-23222/

https://git.postgresql.org/gitweb/?p=postgresql.git%3Ba=commitdiff%3Bh=d83cdfdca9d918bbbd6bb209139b94c954da7228

https://github.com/postgres/postgres/commit/160c0258802d10b0600d7671b1bbea55d8e17d45

GLSA-202211-04

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-23222

Description

Affected Products

Weaknesses (CWE)

References