Vulnerability CVE-2021-23222: Information

Description

A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption.

Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2021-23222

Published: March 3, 2022

Modified: Nov. 7, 2023

Error type identifier: CWE-522

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
postgresql10	p10	10.19-alt1	10.23-alt1.p10.1	ALT-PU-2021-3345-1	289311	Fixed
postgresql10	p9	10.19-alt0.M90P.1	10.23-alt0.M90P.1	ALT-PU-2021-3462-1	289302	Fixed
postgresql10	p9_e2k	10.19-alt0.M90P.1.E2K.1	10.19-alt0.M90P.1.E2K.1	ALT-PU-2022-3858-1	-	Fixed
postgresql10	p8	10.19-alt0.M80P.1	10.19-alt0.M80P.1	ALT-PU-2021-3578-1	289365	Fixed
postgresql10	c10f1	10.19-alt1	10.23-alt1	ALT-PU-2021-3345-1	289311	Fixed
postgresql10	c9f2	10.19-alt0.M90P.1	10.23-alt0.M90P.1	ALT-PU-2021-3566-1	292243	Fixed
postgresql11	p10	11.14-alt1	11.22-alt0.p10.1	ALT-PU-2021-3346-1	289311	Fixed
postgresql11	p9	11.14-alt0.M90P.1	11.22-alt0.M90P.1	ALT-PU-2021-3463-1	289302	Fixed
postgresql11	p9_e2k	11.14-alt0.M90P.1.E2K.1	11.14-alt0.M90P.1.E2K.1	ALT-PU-2022-3859-1	-	Fixed
postgresql11	p8	11.14-alt0.M80P.1	11.14-alt0.M80P.1	ALT-PU-2021-3579-1	289365	Fixed
postgresql11	c10f1	11.14-alt1	11.22-alt0.p10.1	ALT-PU-2021-3346-1	289311	Fixed
postgresql11	c9f2	11.14-alt0.M90P.1	11.22-alt0.M90P.1	ALT-PU-2021-3567-1	292243	Fixed
postgresql11-1C	p8	11.12-alt0.M80P.2	11.12-alt0.M80P.2	ALT-PU-2021-3580-1	289365	Fixed
postgresql12	sisyphus	12.9-alt1	12.19-alt3	ALT-PU-2021-3253-1	289288	Fixed
postgresql12	sisyphus_e2k	12.9-alt1.E2K.1	12.19-alt1	ALT-PU-2021-4388-1	-	Fixed
postgresql12	p10	12.9-alt1	12.19-alt0.p10.1	ALT-PU-2021-3347-1	289311	Fixed
postgresql12	p9	12.9-alt0.M90P.1	12.18-alt0.M90P.1	ALT-PU-2021-3459-1	289302	Fixed
postgresql12	p9_e2k	12.9-alt0.M90P.1.E2K.1	12.9-alt0.M90P.1.E2K.1	ALT-PU-2022-3860-1	-	Fixed
postgresql12	p8	12.9-alt0.M80P.1	12.9-alt0.M80P.1	ALT-PU-2021-3581-1	289365	Fixed
postgresql12	c10f1	12.9-alt1	12.19-alt0.p10.1	ALT-PU-2021-3347-1	289311	Fixed
postgresql12	c9f2	12.9-alt0.M90P.1	12.18-alt0.c9f2.1	ALT-PU-2021-3600-1	292389	Fixed
postgresql12	p11	12.9-alt1	12.19-alt1	ALT-PU-2021-3253-1	289288	Fixed
postgresql12-1C	p9	12.7-alt0.M90P.3	12.17-alt0.M90P.2	ALT-PU-2021-3460-1	289302	Fixed
postgresql12-1C	p9_e2k	12.7-alt0.M90P.3.E2K.1	12.7-alt0.M90P.3.E2K.1	ALT-PU-2022-3861-1	-	Fixed
postgresql12-1C	c9f2	12.7-alt0.M90P.3	12.17-alt0.c9f2.2	ALT-PU-2021-3564-1	292243	Fixed
postgresql13	sisyphus	13.5-alt1	13.15-alt3	ALT-PU-2021-3254-1	289288	Fixed
postgresql13	sisyphus_e2k	13.5-alt1.E2K.1	13.15-alt1	ALT-PU-2021-4387-1	-	Fixed
postgresql13	p10	13.5-alt1	13.15-alt0.p10.1	ALT-PU-2021-3348-1	289311	Fixed
postgresql13	c10f1	13.5-alt1	13.15-alt0.p10.1	ALT-PU-2021-3348-1	289311	Fixed
postgresql13	p11	13.5-alt1	13.15-alt1	ALT-PU-2021-3254-1	289288	Fixed
postgresql14	sisyphus	14.1-alt1	14.12-alt3	ALT-PU-2021-3250-1	289288	Fixed
postgresql14	p10	14.1-alt1	14.12-alt0.p10.1	ALT-PU-2021-3250-1	289288	Fixed
postgresql14	p11	14.1-alt1	14.12-alt1	ALT-PU-2021-3250-1	289288	Fixed
postgresql9.6	p9	9.6.24-alt0.M90P.1	9.6.24-alt0.M90P.1	ALT-PU-2021-3461-1	289302	Fixed
postgresql9.6	p9_e2k	9.6.24-alt0.M90P.1.E2K.1	9.6.24-alt0.M90P.1.E2K.1	ALT-PU-2022-3857-1	-	Fixed
postgresql9.6	p8	9.6.24-alt0.M80P.1	9.6.24-alt0.M80P.1	ALT-PU-2021-3577-1	289365	Fixed
postgresql9.6	c9f2	9.6.24-alt0.M90P.1	9.6.24-alt0.M90P.1	ALT-PU-2021-3565-1	292243	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://github.com/postgres/postgres/commit/160c0258802d10b0600d7671b1bbea55d8e17d45	Patch Third Party Advisory
https://www.postgresql.org/support/security/CVE-2021-23222/	Release Notes Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2022675	Issue Tracking Third Party Advisory
GLSA-202211-04	Third Party Advisory
https://git.postgresql.org/gitweb/?p=postgresql.git%3Ba=commitdiff%3Bh=d83cdfdca9d918bbbd6bb209139b94c954da7228

Affected configurations:
1. Configuration 1
  cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
  Start including
  9.6
  End excliding
  9.6.24
  cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
  Start including
  10.0
  End excliding
  10.19
  cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
  Start including
  11.0
  End excliding
  11.14
  cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
  Start including
  12.0
  End excliding
  12.9
  cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
  Start including
  13.0
  End excliding
  13.5
  cpe:2.3:a:postgresql:postgresql:14.0:*:*:*:*:*:*:*

Version: v24.5.2

Vulnerability CVE-2021-23222: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1