Unrated severityNVD Advisory· Published Mar 2, 2022· Updated Aug 3, 2024

CVE-2021-23222

Description

A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption.

Affected products

117

osv-coords117 versions
pkg:bitnami/postgresql pkg:rpm/almalinux/libpq pkg:rpm/almalinux/libpq-devel pkg:rpm/opensuse/postgresql10&distro=openSUSE%20Leap%2015.2 pkg:rpm/opensuse/postgresql10&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/postgresql10&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/postgresql11&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/postgresql12&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/postgresql12&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/postgresql13&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/postgresql13&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/postgresql14&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/postgresql14&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/postgresql15&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/postgresql16&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/postgresql17&distro=openSUSE%20Tumbleweed pkg:rpm/suse/postgresql10&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/postgresql10&distro=SUSE%20Enterprise%20Storage%206 pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2 pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP3 pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP2 pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/postgresql10&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/postgresql10&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/postgresql10&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/postgresql10&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/postgresql12&distro=SUSE%20Enterprise%20Storage%206 pkg:rpm/suse/postgresql12&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS pkg:rpm/suse/postgresql12&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS pkg:rpm/suse/postgresql12&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2 pkg:rpm/suse/postgresql12&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP3 pkg:rpm/suse/postgresql12&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP2 pkg:rpm/suse/postgresql12&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP3 pkg:rpm/suse/postgresql12&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP2 pkg:rpm/suse/postgresql12&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/postgresql12&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL pkg:rpm/suse/postgresql12&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS pkg:rpm/suse/postgresql12&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/postgresql12&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 pkg:rpm/suse/postgresql12&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/postgresql13&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2 pkg:rpm/suse/postgresql13&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3 pkg:rpm/suse/postgresql13&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP2 pkg:rpm/suse/postgresql13&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP3 pkg:rpm/suse/postgresql13&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP2 pkg:rpm/suse/postgresql13&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP3 pkg:rpm/suse/postgresql13&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/postgresql13&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/postgresql13&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/postgresql14&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/postgresql14&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2 pkg:rpm/suse/postgresql14&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3 pkg:rpm/suse/postgresql14&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP2 pkg:rpm/suse/postgresql14&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP3 pkg:rpm/suse/postgresql14&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP2 pkg:rpm/suse/postgresql14&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP3 pkg:rpm/suse/postgresql14&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/postgresql14&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL pkg:rpm/suse/postgresql14&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS pkg:rpm/suse/postgresql14&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS pkg:rpm/suse/postgresql14&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/postgresql14&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/postgresql14&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/postgresql14&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/postgresql14&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/postgresql14&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/postgresql14&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/postgresql14&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/postgresql14&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/postgresql96&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/postgresql96&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/postgresql96&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL pkg:rpm/suse/postgresql96&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS pkg:rpm/suse/postgresql96&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/postgresql96&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/postgresql96&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/postgresql&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/postgresql&distro=SUSE%20Enterprise%20Storage%206 pkg:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS pkg:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS pkg:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS pkg:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS pkg:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL pkg:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS pkg:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS pkg:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL pkg:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS pkg:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS pkg:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 pkg:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 pkg:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/postgresql&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/postgresql&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/postgresql&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/postgresql&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
>= 9.6.0, < 9.6.24+ 116 more
- (no CPE)range: >= 9.6.0, < 9.6.24
- (no CPE)range: < 13.5-1.el8
- (no CPE)range: < 13.5-1.el8
- (no CPE)range: < 10.19-lp152.2.27.1
- (no CPE)range: < 10.19-8.41.1
- (no CPE)range: < 10.19-1.1
- (no CPE)range: < 11.14-1.1
- (no CPE)range: < 12.9-8.26.1
- (no CPE)range: < 12.9-1.1
- (no CPE)range: < 13.5-5.22.1
- (no CPE)range: < 13.5-1.1
- (no CPE)range: < 14.1-5.6.1
- (no CPE)range: < 14.1-1.1
- (no CPE)range: < 15.4-2.1
- (no CPE)range: < 16.4-1.1
- (no CPE)range: < 17.6-2.1
- (no CPE)range: < 10.19-4.22.1
- (no CPE)range: < 10.19-8.41.1
- (no CPE)range: < 10.19-8.41.1
- (no CPE)range: < 10.19-8.41.1
- (no CPE)range: < 10.22-150000.4.42.1
- (no CPE)range: < 10.22-150000.4.42.1
- (no CPE)range: < 10.19-8.41.1
- (no CPE)range: < 10.19-8.41.1
- (no CPE)range: < 10.19-8.41.1
- (no CPE)range: < 10.19-4.22.1
- (no CPE)range: < 10.19-4.22.1
- (no CPE)range: < 10.19-4.22.1
- (no CPE)range: < 10.19-4.22.1
- (no CPE)range: < 10.19-4.22.1
- (no CPE)range: < 10.19-8.41.1
- (no CPE)range: < 10.19-8.41.1
- (no CPE)range: < 10.22-150000.4.42.1
- (no CPE)range: < 10.19-4.22.1
- (no CPE)range: < 10.19-4.22.1
- (no CPE)range: < 10.19-4.22.1
- (no CPE)range: < 10.22-150000.4.42.1
- (no CPE)range: < 10.19-8.41.1
- (no CPE)range: < 10.19-4.22.1
- (no CPE)range: < 10.19-4.22.1
- (no CPE)range: < 10.19-4.22.1
- (no CPE)range: < 10.19-4.22.1
- (no CPE)range: < 10.19-4.22.1
- (no CPE)range: < 12.12-150100.3.33.1
- (no CPE)range: < 12.12-150100.3.33.1
- (no CPE)range: < 12.12-150100.3.33.1
- (no CPE)range: < 12.9-8.26.1
- (no CPE)range: < 12.9-8.26.1
- (no CPE)range: < 12.9-8.26.1
- (no CPE)range: < 12.9-8.26.1
- (no CPE)range: < 12.9-8.26.1
- (no CPE)range: < 12.9-3.21.1
- (no CPE)range: < 12.12-150100.3.33.1
- (no CPE)range: < 12.12-150100.3.33.1
- (no CPE)range: < 12.9-3.21.1
- (no CPE)range: < 12.12-150100.3.33.1
- (no CPE)range: < 12.9-3.21.1
- (no CPE)range: < 13.5-5.22.1
- (no CPE)range: < 13.5-5.22.1
- (no CPE)range: < 13.5-5.22.1
- (no CPE)range: < 13.5-5.22.1
- (no CPE)range: < 13.5-5.22.1
- (no CPE)range: < 13.5-5.22.1
- (no CPE)range: < 13.5-3.15.2
- (no CPE)range: < 13.5-3.15.2
- (no CPE)range: < 13.5-3.15.2
- (no CPE)range: < 14.1-3.3.1
- (no CPE)range: < 14.1-5.6.1
- (no CPE)range: < 14.1-5.6.1
- (no CPE)range: < 14.1-5.6.1
- (no CPE)range: < 14.1-5.6.1
- (no CPE)range: < 14.1-5.6.1
- (no CPE)range: < 14.1-5.6.1
- (no CPE)range: < 14.1-3.3.1
- (no CPE)range: < 14.1-3.3.1
- (no CPE)range: < 14.1-3.3.1
- (no CPE)range: < 14.1-3.3.1
- (no CPE)range: < 14.1-3.3.1
- (no CPE)range: < 14.1-3.3.1
- (no CPE)range: < 14.1-3.3.1
- (no CPE)range: < 14.1-3.3.1
- (no CPE)range: < 14.1-3.3.1
- (no CPE)range: < 14.1-3.3.1
- (no CPE)range: < 14.1-3.3.1
- (no CPE)range: < 14.1-3.3.1
- (no CPE)range: < 14.1-3.3.1
- (no CPE)range: < 9.6.24-6.18.2
- (no CPE)range: < 9.6.24-6.18.2
- (no CPE)range: < 9.6.24-6.18.2
- (no CPE)range: < 9.6.24-6.18.2
- (no CPE)range: < 9.6.24-6.18.2
- (no CPE)range: < 9.6.24-6.18.2
- (no CPE)range: < 9.6.24-6.18.2
- (no CPE)range: < 14-4.10.1
- (no CPE)range: < 12.0.1-150000.8.19.1
- (no CPE)range: < 12.0.1-150000.8.19.1
- (no CPE)range: < 12.0.1-150000.8.19.1
- (no CPE)range: < 12.0.1-150000.8.19.1
- (no CPE)range: < 12.0.1-150000.8.19.1
- (no CPE)range: < 14-4.10.1
- (no CPE)range: < 14-4.10.1
- (no CPE)range: < 14-4.10.1
- (no CPE)range: < 14-4.10.1
- (no CPE)range: < 14-4.10.1
- (no CPE)range: < 12.0.1-150000.8.19.1
- (no CPE)range: < 12.0.1-150000.8.19.1
- (no CPE)range: < 12.0.1-150000.8.19.1
- (no CPE)range: < 14-4.10.1
- (no CPE)range: < 14-4.10.1
- (no CPE)range: < 14-4.10.1
- (no CPE)range: < 12.0.1-150000.8.19.1
- (no CPE)range: < 12.0.1-150000.8.19.1
- (no CPE)range: < 14-4.10.1
- (no CPE)range: < 14-4.10.1
- (no CPE)range: < 14-4.10.1
- (no CPE)range: < 14-4.10.1
- (no CPE)range: < 14-4.10.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

security.gentoo.org/glsa/202211-04mitrevendor-advisory
bugzilla.redhat.com/show_bug.cgimitre
git.postgresql.org/gitweb/mitre
github.com/postgres/postgres/commit/160c0258802d10b0600d7671b1bbea55d8e17d45mitre
www.postgresql.org/support/security/CVE-2021-23222/mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000