{"id":"CVE-2021-23214","details":"When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.","aliases":["BIT-postgresql-2021-23214"],"modified":"2026-03-17T14:15:59.959498Z","published":"2022-03-04T16:15:08.293Z","related":["ALSA-2021:5235","ALSA-2021:5236","ALSA-2022:1830","MGASA-2021-0523","SUSE-SU-2021:3755-1","SUSE-SU-2021:3757-1","SUSE-SU-2021:3758-1","SUSE-SU-2021:3759-1","SUSE-SU-2021:3760-1","SUSE-SU-2021:3761-1","SUSE-SU-2021:3762-1","SUSE-SU-2021:4058-1","SUSE-SU-2022:2893-1","SUSE-SU-2022:2958-1","openSUSE-SU-2021:1584-1","openSUSE-SU-2021:3758-1","openSUSE-SU-2021:3759-1","openSUSE-SU-2021:3762-1","openSUSE-SU-2021:4058-1","openSUSE-SU-2024:11625-1","openSUSE-SU-2024:11626-1","openSUSE-SU-2024:11627-1","openSUSE-SU-2024:11628-1","openSUSE-SU-2024:11629-1","openSUSE-SU-2024:13243-1","openSUSE-SU-2024:14360-1","openSUSE-SU-2025:15580-1"],"references":[{"type":"WEB","url":"https://git.postgresql.org/gitweb/?p=postgresql.git%3Ba=commit%3Bh=28e24125541545483093819efae9bca603441951"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202211-04"},{"type":"ADVISORY","url":"https://www.postgresql.org/support/security/CVE-2021-23214/"},{"type":"FIX","url":"https://github.com/postgres/postgres/commit/28e24125541545483093819efae9bca603441951"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2022666"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/postgres/postgres","events":[{"introduced":"0"},{"fixed":"28e24125541545483093819efae9bca603441951"}]},{"type":"GIT","repo":"https://github.com/postgres/postgres","events":[{"introduced":"0"},{"fixed":"28e24125541545483093819efae9bca603441951"}]}],"versions":["PG95-1_01","REL6_1","REL6_1_1","REL6_2","REL6_2_1","REL6_3","REL6_3_2","REL6_5","REL7_0","REL7_1","REL7_1_BETA","REL7_1_BETA2","REL7_1_BETA3","REL7_2","REL7_2_BETA1","REL7_2_BETA2","REL7_2_BETA3","REL7_2_BETA4","REL7_2_BETA5","REL7_2_RC1","REL7_2_RC2","REL7_4_BETA1","REL7_4_BETA2","REL7_4_BETA3","REL7_4_BETA4","REL7_4_BETA5","REL7_4_RC1","REL8_0_0","REL8_0_0BETA1","REL8_0_0BETA2","REL8_0_0BETA3","REL8_0_0BETA4","REL8_0_0BETA5","REL8_0_0RC1","REL8_0_0RC2","REL8_0_0RC3","REL8_0_0RC4","REL8_0_0RC5","REL8_1_0","REL8_1_0BETA1","REL8_1_0BETA2","REL8_1_0BETA3","REL8_1_0BETA4","REL8_1_0RC1","REL8_2_0","REL8_2_BETA1","REL8_2_BETA2","REL8_2_BETA3","REL8_2_RC1","REL8_3_0","REL8_3_BETA1","REL8_3_BETA2","REL8_3_BETA3","REL8_3_BETA4","REL8_3_RC1","REL8_3_RC2","REL8_4_0","REL8_4_BETA1","REL8_4_BETA2","REL8_4_RC1","REL8_4_RC2","REL9_0_ALPHA5","REL9_0_BETA1","REL9_0_BETA2","REL9_0_BETA3","REL9_1_ALPHA1","REL9_1_ALPHA2","REL9_1_ALPHA3","REL9_1_ALPHA4","REL9_1_ALPHA5","REL9_1_BETA1","REL9_1_BETA2","REL9_2_BETA1","REL9_2_BETA2","REL9_3_BETA1","REL9_4_BETA1","REL9_5_ALPHA1","REL9_6_BETA1","REL9_6_BETA2","REL9_6_BETA3","REL9_6_BETA4","REL_10_BETA1","REL_10_BETA2","REL_10_BETA3","REL_11_BETA1","REL_11_BETA2","REL_12_BETA1","REL_12_BETA2","REL_13_BETA1","REL_14_BETA1","REL_14_BETA2","Release_1_0_2","Release_2_0","Release_2_0_0","release-6-3"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"9.6.24"}]},{"events":[{"introduced":"10.0"},{"fixed":"10.19"}]},{"events":[{"introduced":"11.0"},{"fixed":"11.14"}]},{"events":[{"introduced":"12.0"},{"fixed":"12.9"}]},{"events":[{"introduced":"13.0"},{"fixed":"13.5"}]},{"events":[{"introduced":"0"},{"last_affected":"14.0"}]},{"events":[{"introduced":"0"},{"last_affected":"34"}]},{"events":[{"introduced":"0"},{"last_affected":"35"}]},{"events":[{"introduced":"0"},{"last_affected":"1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-23214.json","vanir_signatures":[{"signature_version":"v1","deprecated":false,"digest":{"function_hash":"3811890202093623500044753568135729362","length":6502},"source":"https://github.com/postgres/postgres/commit/28e24125541545483093819efae9bca603441951","id":"CVE-2021-23214-105eea8c","signature_type":"Function","target":{"file":"src/backend/postmaster/postmaster.c","function":"ProcessStartupPacket"}},{"signature_version":"v1","deprecated":false,"digest":{"line_hashes":["144879391767781558536346253203041229101","143909272608489929547646403088676984859","165740410277193971204068639552488249268","152409958841785490640372562688845117313","234706297917235548429385406617794107408","11828208314494370596831837586978750783"],"threshold":0.9},"source":"https://github.com/postgres/postgres/commit/28e24125541545483093819efae9bca603441951","id":"CVE-2021-23214-55642aa1","signature_type":"Line","target":{"file":"src/backend/postmaster/postmaster.c"}},{"signature_version":"v1","deprecated":false,"digest":{"line_hashes":["257279594944366299067624145088475835974","188038483610294623053840785400255306180","333524964208957746553278214859551397688"],"threshold":0.9},"source":"https://github.com/postgres/postgres/commit/28e24125541545483093819efae9bca603441951","id":"CVE-2021-23214-a802c310","signature_type":"Line","target":{"file":"src/backend/libpq/pqcomm.c"}},{"signature_version":"v1","deprecated":false,"digest":{"line_hashes":["269875017630651410691849837907292701499","126933090860823315927436042326420265172","127112800835486014972045098290616986500","168426345693575339352762023412076698426"],"threshold":0.9},"source":"https://github.com/postgres/postgres/commit/28e24125541545483093819efae9bca603441951","id":"CVE-2021-23214-ee44c440","signature_type":"Line","target":{"file":"src/include/libpq/libpq.h"}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}