CVE-2021-23222

Опубликовано: 02 мар. 2022

Источник: debian

EPSS Низкий

Описание

A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption.

Пакеты

Пакет	Статус	Версия исправления	Тип
postgresql-14	fixed	14.1-1	package
postgresql-13	unfixed		package
postgresql-11	removed		package
postgresql-9.6	removed		package

Примечания

https://www.postgresql.org/about/news/postgresql-141-135-129-1114-1019-and-9624-released-2349/
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=d83cdfdca9d918bbbd6bb209139b94c954da7228 (REL9_6_24)

EPSS

Процентиль: 55%

0.00328

Низкий

Связанные уязвимости

CVE-2021-23222

CVSS3: 5.9

ubuntu

больше 3 лет назад

A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption.

CVE-2021-23222

CVSS3: 3.7

redhat

больше 3 лет назад

A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption.

CVE-2021-23222

CVSS3: 5.9

nvd

больше 3 лет назад

A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption.

CVE-2021-23222

CVSS3: 5.9

msrc

больше 3 лет назад

Описание отсутствует

RLSA-2022:1891

rocky

около 3 лет назад

Low: libpq security update

EPSS

Процентиль: 55%

0.00328

Низкий