CVE-2021-23222

MEDIUM

SSL - SSRF

Title source: llm

Description

A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption.

References (5)

[Issue Tracking, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=2022675

[Various Sources] https://git.postgresql.org/gitweb/?p=postgresql.git%3Ba=commitdiff%3Bh=d83cdfdca9d918bbbd6bb209139b94c954da7228

[Patch, Third Party Advisory] https://github.com/postgres/postgres/commit/160c0258802d10b0600d7671b1bbea55d8e17d45

View Patch ZIP pw:eip

[Third Party Advisory] https://security.gentoo.org/glsa/202211-04

[Release Notes, Vendor Advisory] https://www.postgresql.org/support/security/CVE-2021-23222/

Scores

CVSS v3 5.9

EPSS 0.0028

EPSS Percentile 51.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-522

Status published

Affected Products (2)

postgresql/postgresql < 9.6.24

postgresql/postgresql

Timeline

Published Mar 02, 2022

Tracked Since Feb 18, 2026