{"id":"CVE-2021-23222","details":"A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption.","aliases":["BIT-postgresql-2021-23222"],"modified":"2026-05-07T08:31:47.975024Z","published":"2022-03-02T23:15:08.517Z","related":["ALSA-2022:1891","SUSE-SU-2021:3755-1","SUSE-SU-2021:3757-1","SUSE-SU-2021:3758-1","SUSE-SU-2021:3759-1","SUSE-SU-2021:3760-1","SUSE-SU-2021:3761-1","SUSE-SU-2021:3762-1","SUSE-SU-2021:4058-1","SUSE-SU-2022:2893-1","SUSE-SU-2022:2958-1","openSUSE-SU-2021:1584-1","openSUSE-SU-2021:3758-1","openSUSE-SU-2021:3759-1","openSUSE-SU-2021:3762-1","openSUSE-SU-2021:4058-1","openSUSE-SU-2024:11625-1","openSUSE-SU-2024:11626-1","openSUSE-SU-2024:11627-1","openSUSE-SU-2024:11628-1","openSUSE-SU-2024:11629-1","openSUSE-SU-2024:13243-1","openSUSE-SU-2024:14360-1","openSUSE-SU-2025:15580-1"],"database_specific":{"unresolved_ranges":[{"extracted_events":[{"introduced":"9.6"},{"fixed":"9.6.24"},{"introduced":"10.0"},{"fixed":"10.19"},{"introduced":"11.0"},{"fixed":"11.14"},{"introduced":"12.0"},{"fixed":"12.9"},{"introduced":"13.0"},{"fixed":"13.5"}],"cpe":"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"14.0"}],"cpe":"cpe:2.3:a:postgresql:postgresql:14.0:*:*:*:*:*:*:*","source":"CPE_FIELD"}]},"references":[{"type":"WEB","url":"https://git.postgresql.org/gitweb/?p=postgresql.git%3Ba=commitdiff%3Bh=d83cdfdca9d918bbbd6bb209139b94c954da7228"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202211-04"},{"type":"ADVISORY","url":"https://www.postgresql.org/support/security/CVE-2021-23222/"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2022675"},{"type":"FIX","url":"https://github.com/postgres/postgres/commit/160c0258802d10b0600d7671b1bbea55d8e17d45"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/postgres/postgres","events":[{"introduced":"0"},{"fixed":"160c0258802d10b0600d7671b1bbea55d8e17d45"}],"database_specific":{"source":"REFERENCES"}}],"versions":["PG95-1_01","REL6_1","REL6_1_1","REL6_2","REL6_2_1","REL6_3","REL6_3_2","REL6_5","REL7_0","REL7_1","REL7_1_BETA","REL7_1_BETA2","REL7_1_BETA3","REL7_2","REL7_2_BETA1","REL7_2_BETA2","REL7_2_BETA3","REL7_2_BETA4","REL7_2_BETA5","REL7_2_RC1","REL7_2_RC2","REL7_4_BETA1","REL7_4_BETA2","REL7_4_BETA3","REL7_4_BETA4","REL7_4_BETA5","REL7_4_RC1","REL8_0_0","REL8_0_0BETA1","REL8_0_0BETA2","REL8_0_0BETA3","REL8_0_0BETA4","REL8_0_0BETA5","REL8_0_0RC1","REL8_0_0RC2","REL8_0_0RC3","REL8_0_0RC4","REL8_0_0RC5","REL8_1_0","REL8_1_0BETA1","REL8_1_0BETA2","REL8_1_0BETA3","REL8_1_0BETA4","REL8_1_0RC1","REL8_2_0","REL8_2_BETA1","REL8_2_BETA2","REL8_2_BETA3","REL8_2_RC1","REL8_3_0","REL8_3_BETA1","REL8_3_BETA2","REL8_3_BETA3","REL8_3_BETA4","REL8_3_RC1","REL8_3_RC2","REL8_4_0","REL8_4_BETA1","REL8_4_BETA2","REL8_4_RC1","REL8_4_RC2","REL9_0_ALPHA5","REL9_0_BETA1","REL9_0_BETA2","REL9_0_BETA3","REL9_1_ALPHA1","REL9_1_ALPHA2","REL9_1_ALPHA3","REL9_1_ALPHA4","REL9_1_ALPHA5","REL9_1_BETA1","REL9_1_BETA2","REL9_2_BETA1","REL9_2_BETA2","REL9_3_BETA1","REL9_4_BETA1","REL9_5_ALPHA1","REL9_6_BETA1","REL9_6_BETA2","REL9_6_BETA3","REL9_6_BETA4","REL_10_BETA1","REL_10_BETA2","REL_10_BETA3","REL_11_BETA1","REL_11_BETA2","REL_12_BETA1","REL_12_BETA2","REL_13_BETA1","REL_14_BETA1","REL_14_BETA2","Release_1_0_2","Release_2_0","Release_2_0_0","release-6-3"],"database_specific":{"vanir_signatures_modified":"2026-05-07T08:31:47Z","source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-23222.json","vanir_signatures":[{"source":"https://github.com/postgres/postgres/commit/160c0258802d10b0600d7671b1bbea55d8e17d45","signature_version":"v1","deprecated":false,"signature_type":"Line","id":"CVE-2021-23222-e1be026c","digest":{"threshold":0.9,"line_hashes":["10037443517696866748761392046871582022","325675312630126864791861414191520860108","248756423465337085234785710824740055381","219130724463359041405235398817575440371","18312600838351471896985731433715124179","29813103265162816138856506205737681509","248756423465337085234785710824740055381","219130724463359041405235398817575440371"]},"target":{"file":"src/interfaces/libpq/fe-connect.c"}},{"source":"https://github.com/postgres/postgres/commit/160c0258802d10b0600d7671b1bbea55d8e17d45","signature_version":"v1","deprecated":false,"signature_type":"Function","id":"CVE-2021-23222-f5ed594b","digest":{"function_hash":"218920273742902448943626208937972612244","length":22472},"target":{"function":"PQconnectPoll","file":"src/interfaces/libpq/fe-connect.c"}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}