Unrated severityNVD Advisory· Published Mar 4, 2022· Updated Aug 3, 2024

CVE-2021-23214

Description

When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.

Affected products

131

osv-coords131 versions
pkg:bitnami/postgresql pkg:rpm/almalinux/pgaudit pkg:rpm/almalinux/pg_repack pkg:rpm/almalinux/postgres-decoderbufs pkg:rpm/almalinux/postgresql pkg:rpm/almalinux/postgresql-contrib pkg:rpm/almalinux/postgresql-docs pkg:rpm/almalinux/postgresql-plperl pkg:rpm/almalinux/postgresql-plpython3 pkg:rpm/almalinux/postgresql-pltcl pkg:rpm/almalinux/postgresql-server pkg:rpm/almalinux/postgresql-server-devel pkg:rpm/almalinux/postgresql-static pkg:rpm/almalinux/postgresql-test pkg:rpm/almalinux/postgresql-test-rpm-macros pkg:rpm/almalinux/postgresql-upgrade pkg:rpm/almalinux/postgresql-upgrade-devel pkg:rpm/opensuse/postgresql10&distro=openSUSE%20Leap%2015.2 pkg:rpm/opensuse/postgresql10&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/postgresql10&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/postgresql11&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/postgresql12&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/postgresql12&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/postgresql13&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/postgresql13&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/postgresql14&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/postgresql14&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/postgresql15&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/postgresql16&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/postgresql17&distro=openSUSE%20Tumbleweed pkg:rpm/suse/postgresql10&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/postgresql10&distro=SUSE%20Enterprise%20Storage%206 pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2 pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP3 pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP2 pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/postgresql10&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/postgresql10&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/postgresql10&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/postgresql10&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/postgresql12&distro=SUSE%20Enterprise%20Storage%206 pkg:rpm/suse/postgresql12&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS pkg:rpm/suse/postgresql12&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS pkg:rpm/suse/postgresql12&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2 pkg:rpm/suse/postgresql12&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP3 pkg:rpm/suse/postgresql12&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP2 pkg:rpm/suse/postgresql12&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP3 pkg:rpm/suse/postgresql12&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP2 pkg:rpm/suse/postgresql12&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/postgresql12&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL pkg:rpm/suse/postgresql12&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS pkg:rpm/suse/postgresql12&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/postgresql12&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 pkg:rpm/suse/postgresql12&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/postgresql13&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2 pkg:rpm/suse/postgresql13&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3 pkg:rpm/suse/postgresql13&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP2 pkg:rpm/suse/postgresql13&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP3 pkg:rpm/suse/postgresql13&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP2 pkg:rpm/suse/postgresql13&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP3 pkg:rpm/suse/postgresql13&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/postgresql13&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/postgresql13&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/postgresql14&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/postgresql14&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2 pkg:rpm/suse/postgresql14&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3 pkg:rpm/suse/postgresql14&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP2 pkg:rpm/suse/postgresql14&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP3 pkg:rpm/suse/postgresql14&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP2 pkg:rpm/suse/postgresql14&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP3 pkg:rpm/suse/postgresql14&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/postgresql14&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL pkg:rpm/suse/postgresql14&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS pkg:rpm/suse/postgresql14&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS pkg:rpm/suse/postgresql14&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/postgresql14&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/postgresql14&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/postgresql14&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/postgresql14&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/postgresql14&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/postgresql14&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/postgresql14&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/postgresql14&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/postgresql96&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/postgresql96&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/postgresql96&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL pkg:rpm/suse/postgresql96&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS pkg:rpm/suse/postgresql96&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/postgresql96&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/postgresql96&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/postgresql&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/postgresql&distro=SUSE%20Enterprise%20Storage%206 pkg:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS pkg:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS pkg:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS pkg:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS pkg:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL pkg:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS pkg:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS pkg:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL pkg:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS pkg:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS pkg:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 pkg:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 pkg:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/postgresql&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/postgresql&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/postgresql&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/postgresql&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 9.6.24+ 130 more
- (no CPE)range: < 9.6.24
- (no CPE)range: < 1.4.0-5.module_el8.6.0+2758+4f4474df
- (no CPE)range: < 1.4.6-3.module_el8.5.0+2606+4554acc4
- (no CPE)range: < 0.10.0-2.module_el8.6.0+2760+1746ec94
- (no CPE)range: < 12.9-1.module_el8.5.0+2606+4554acc4
- (no CPE)range: < 12.9-1.module_el8.5.0+2606+4554acc4
- (no CPE)range: < 12.9-1.module_el8.5.0+2606+4554acc4
- (no CPE)range: < 12.9-1.module_el8.5.0+2606+4554acc4
- (no CPE)range: < 12.9-1.module_el8.5.0+2606+4554acc4
- (no CPE)range: < 12.9-1.module_el8.5.0+2606+4554acc4
- (no CPE)range: < 12.9-1.module_el8.5.0+2606+4554acc4
- (no CPE)range: < 12.9-1.module_el8.5.0+2606+4554acc4
- (no CPE)range: < 12.9-1.module_el8.5.0+2606+4554acc4
- (no CPE)range: < 12.9-1.module_el8.5.0+2606+4554acc4
- (no CPE)range: < 12.9-1.module_el8.5.0+2606+4554acc4
- (no CPE)range: < 12.9-1.module_el8.5.0+2606+4554acc4
- (no CPE)range: < 12.9-1.module_el8.5.0+2606+4554acc4
- (no CPE)range: < 10.19-lp152.2.27.1
- (no CPE)range: < 10.19-8.41.1
- (no CPE)range: < 10.19-1.1
- (no CPE)range: < 11.14-1.1
- (no CPE)range: < 12.9-8.26.1
- (no CPE)range: < 12.9-1.1
- (no CPE)range: < 13.5-5.22.1
- (no CPE)range: < 13.5-1.1
- (no CPE)range: < 14.1-5.6.1
- (no CPE)range: < 14.1-1.1
- (no CPE)range: < 15.4-2.1
- (no CPE)range: < 16.4-1.1
- (no CPE)range: < 17.6-2.1
- (no CPE)range: < 10.19-4.22.1
- (no CPE)range: < 10.19-8.41.1
- (no CPE)range: < 10.19-8.41.1
- (no CPE)range: < 10.19-8.41.1
- (no CPE)range: < 10.22-150000.4.42.1
- (no CPE)range: < 10.22-150000.4.42.1
- (no CPE)range: < 10.19-8.41.1
- (no CPE)range: < 10.19-8.41.1
- (no CPE)range: < 10.19-8.41.1
- (no CPE)range: < 10.19-4.22.1
- (no CPE)range: < 10.19-4.22.1
- (no CPE)range: < 10.19-4.22.1
- (no CPE)range: < 10.19-4.22.1
- (no CPE)range: < 10.19-4.22.1
- (no CPE)range: < 10.19-8.41.1
- (no CPE)range: < 10.19-8.41.1
- (no CPE)range: < 10.22-150000.4.42.1
- (no CPE)range: < 10.19-4.22.1
- (no CPE)range: < 10.19-4.22.1
- (no CPE)range: < 10.19-4.22.1
- (no CPE)range: < 10.22-150000.4.42.1
- (no CPE)range: < 10.19-8.41.1
- (no CPE)range: < 10.19-4.22.1
- (no CPE)range: < 10.19-4.22.1
- (no CPE)range: < 10.19-4.22.1
- (no CPE)range: < 10.19-4.22.1
- (no CPE)range: < 10.19-4.22.1
- (no CPE)range: < 12.12-150100.3.33.1
- (no CPE)range: < 12.12-150100.3.33.1
- (no CPE)range: < 12.12-150100.3.33.1
- (no CPE)range: < 12.9-8.26.1
- (no CPE)range: < 12.9-8.26.1
- (no CPE)range: < 12.9-8.26.1
- (no CPE)range: < 12.9-8.26.1
- (no CPE)range: < 12.9-8.26.1
- (no CPE)range: < 12.9-3.21.1
- (no CPE)range: < 12.12-150100.3.33.1
- (no CPE)range: < 12.12-150100.3.33.1
- (no CPE)range: < 12.9-3.21.1
- (no CPE)range: < 12.12-150100.3.33.1
- (no CPE)range: < 12.9-3.21.1
- (no CPE)range: < 13.5-5.22.1
- (no CPE)range: < 13.5-5.22.1
- (no CPE)range: < 13.5-5.22.1
- (no CPE)range: < 13.5-5.22.1
- (no CPE)range: < 13.5-5.22.1
- (no CPE)range: < 13.5-5.22.1
- (no CPE)range: < 13.5-3.15.2
- (no CPE)range: < 13.5-3.15.2
- (no CPE)range: < 13.5-3.15.2
- (no CPE)range: < 14.1-3.3.1
- (no CPE)range: < 14.1-5.6.1
- (no CPE)range: < 14.1-5.6.1
- (no CPE)range: < 14.1-5.6.1
- (no CPE)range: < 14.1-5.6.1
- (no CPE)range: < 14.1-5.6.1
- (no CPE)range: < 14.1-5.6.1
- (no CPE)range: < 14.1-3.3.1
- (no CPE)range: < 14.1-3.3.1
- (no CPE)range: < 14.1-3.3.1
- (no CPE)range: < 14.1-3.3.1
- (no CPE)range: < 14.1-3.3.1
- (no CPE)range: < 14.1-3.3.1
- (no CPE)range: < 14.1-3.3.1
- (no CPE)range: < 14.1-3.3.1
- (no CPE)range: < 14.1-3.3.1
- (no CPE)range: < 14.1-3.3.1
- (no CPE)range: < 14.1-3.3.1
- (no CPE)range: < 14.1-3.3.1
- (no CPE)range: < 14.1-3.3.1
- (no CPE)range: < 9.6.24-6.18.2
- (no CPE)range: < 9.6.24-6.18.2
- (no CPE)range: < 9.6.24-6.18.2
- (no CPE)range: < 9.6.24-6.18.2
- (no CPE)range: < 9.6.24-6.18.2
- (no CPE)range: < 9.6.24-6.18.2
- (no CPE)range: < 9.6.24-6.18.2
- (no CPE)range: < 14-4.10.1
- (no CPE)range: < 12.0.1-150000.8.19.1
- (no CPE)range: < 12.0.1-150000.8.19.1
- (no CPE)range: < 12.0.1-150000.8.19.1
- (no CPE)range: < 12.0.1-150000.8.19.1
- (no CPE)range: < 12.0.1-150000.8.19.1
- (no CPE)range: < 14-4.10.1
- (no CPE)range: < 14-4.10.1
- (no CPE)range: < 14-4.10.1
- (no CPE)range: < 14-4.10.1
- (no CPE)range: < 14-4.10.1
- (no CPE)range: < 12.0.1-150000.8.19.1
- (no CPE)range: < 12.0.1-150000.8.19.1
- (no CPE)range: < 12.0.1-150000.8.19.1
- (no CPE)range: < 14-4.10.1
- (no CPE)range: < 14-4.10.1
- (no CPE)range: < 14-4.10.1
- (no CPE)range: < 12.0.1-150000.8.19.1
- (no CPE)range: < 12.0.1-150000.8.19.1
- (no CPE)range: < 14-4.10.1
- (no CPE)range: < 14-4.10.1
- (no CPE)range: < 14-4.10.1
- (no CPE)range: < 14-4.10.1
- (no CPE)range: < 14-4.10.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

security.gentoo.org/glsa/202211-04mitrevendor-advisory
bugzilla.redhat.com/show_bug.cgimitre
git.postgresql.org/gitweb/mitre
github.com/postgres/postgres/commit/28e24125541545483093819efae9bca603441951mitre
www.postgresql.org/support/security/CVE-2021-23214/mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000