CVE-2021-23214

HIGH8.1

When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption

Published Mar 4, 2022

Modified 1 years ago

Details

When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.

References

WEB

https://bugzilla.redhat.com/show_bug.cgi?id=2022666

WEB

https://git.postgresql.org/gitweb/?p=postgresql.git%3Ba=commit%3Bh=28e24125541545483093819efae9bca603441951

WEB

https://github.com/postgres/postgres/commit/28e24125541545483093819efae9bca603441951

ADVISORY

https://security.gentoo.org/glsa/202211-04

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2021-23214

WEB