Lucene search
PRIOn knowledge basePRION:CVE-2021-23222HistoryMar 02, 2022 - 11:15 p.m.
Design/Logic Flaw
2022-03-0223:15:00
PRIOn knowledge base
www.prio-n.com
17
A man-in-the-middle attacker can inject false responses to the client’s first few queries, despite the use of SSL certificate verification and encryption.
| CPE | Name | Operator | Version |
|---|---|---|---|
| postgresql | ge | 9.6 | |
| postgresql | lt | 9.6.24 | |
| postgresql | ge | 10.0 | |
| postgresql | lt | 10.19 | |
| postgresql | ge | 11.0 | |
| postgresql | lt | 11.14 | |
| postgresql | ge | 12.0 | |
| postgresql | lt | 12.9 | |
| postgresql | ge | 13.0 | |
| postgresql | lt | 13.5 |
References
bugzilla.redhat.com/show_bug.cgi?id=2022675
git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=d83cdfdca9d918bbbd6bb209139b94c954da7228
github.com/postgres/postgres/commit/160c0258802d10b0600d7671b1bbea55d8e17d45
security.gentoo.org/glsa/202211-04
www.postgresql.org/support/security/CVE-2021-23222/
Related
redhatcve
redhatcve
CVE-2021-23222
2021-11-12 12:00:28
veracode
veracode
Denial Of Service (DoS)
2021-11-14 07:42:43
osv
osv
CVE-2021-23222
2022-03-02 23:15:08
Low: libpq security update
2022-05-10 06:36:04
BIT-postgresql-2021-23222
2024-03-06 11:05:21
alpinelinux
alpinelinux
CVE-2021-23222
2022-03-02 23:15:08
nessus
nessus
Amazon Linux 2 : postgresql (ALASPOSTGRESQL14-2024-008)
2024-03-06 00:00:00
Rocky Linux 8 : libpq (RLSA-2022:1891)
2023-11-06 00:00:00
EulerOS 2.0 SP3 : postgresql (EulerOS-SA-2022-1756)
2022-05-26 00:00:00
cvelist
cvelist
CVE-2021-23222
2022-03-02 00:00:00
CVE-2021-43767
2022-08-25 17:27:39
oraclelinux
oraclelinux
libpq security update
2022-05-17 00:00:00
redhat
redhat
(RHSA-2022:1891) Low: libpq security update
2022-05-10 06:36:04
(RHSA-2021:5197) Moderate: rh-postgresql12-postgresql security update
2021-12-16 18:07:11
(RHSA-2021:5179) Moderate: rh-postgresql13-postgresql security update
2021-12-16 11:34:46
openvas
openvas
Huawei EulerOS: Security Advisory for postgresql (EulerOS-SA-2022-1197)
2022-02-24 00:00:00
Ubuntu: Security Advisory (USN-5765-1)
2022-12-08 00:00:00
Huawei EulerOS: Security Advisory for postgresql (EulerOS-SA-2022-1756)
2022-05-25 00:00:00
debiancve
debiancve
CVE-2021-23222
2022-03-02 23:15:08
ubuntu
ubuntu
PostgreSQL vulnerability
2022-12-07 00:00:00
PostgreSQL vulnerabilities
2021-11-11 00:00:00
nvd
nvd
CVE-2021-23222
2022-03-02 23:15:08
CVE-2021-43767
2022-08-25 18:15:09
rocky
rocky
libpq security update
2022-05-10 06:36:04
cve
cve
CVE-2021-23222
2022-03-02 23:15:08
CVE-2021-43767
2022-08-25 18:15:09
cbl_mariner
cbl_mariner
CVE-2021-23222 affecting package postgresql 12.8-1
2022-03-19 16:40:54
CVE-2021-23222 affecting package postgresql for versions less than 14.2-1
2022-04-26 20:17:02
ubuntucve
ubuntucve
CVE-2021-23222
2021-11-11 00:00:00
almalinux
almalinux
Low: libpq security update
2022-05-10 06:36:04
redos
redos
ROS-20220125-13
2022-01-25 00:00:00
altlinux
altlinux
ibm
ibm
Security Bulletin: IBM Spectrum Protect Plus is vulnerable to PostgreSQL Man-in-the-Middle and Slowloris Denial of Service attacks (CVE-2021-23222, CVE-2022-22354)
2022-03-11 16:31:31
suse
suse
Security update for postgresql14 (important)
2021-11-22 00:00:00
Security update for postgresql10 (important)
2021-12-15 00:00:00
Security update for postgresql12 (important)
2021-11-22 00:00:00
kaspersky
kaspersky
KLA12378 Multiple vulnerabilities in PostgreSQL
2021-11-11 00:00:00
debian
debian
[SECURITY] [DLA 2817-1] postgresql-9.6 security update
2021-11-12 08:46:22
[SECURITY] [DSA 5006-1] postgresql-11 security update
2021-11-11 21:49:53
[SECURITY] [DSA 5007-1] postgresql-13 security update
2021-11-11 21:52:56
mageia
mageia
Updated postgresql packages fix security vulnerability
2021-11-25 16:06:13
freebsd
freebsd
PostgreSQL -- Possible man-in-the-middle attacks
2021-11-08 00:00:00
prion
prion
Authentication flaw
2022-08-25 18:15:00
github
github
PostgresNIO processes unencrypted bytes from man-in-the-middle
2023-05-10 19:20:16
fedora
fedora
[SECURITY] Fedora 35 Update: pgbouncer-1.16.1-1.fc35
2021-12-31 01:21:38
gentoo
gentoo
PostgreSQL: Multiple Vulnerabilities
2022-11-19 00:00:00
hp
hp
HP Device Manager Vulnerability Update (5.0.12)
2024-01-26 00:00:00