Launchpad.net

CVE 2021-23214

When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.

Related bugs and status

CVE-2021-23214 (Candidate) is related to these bugs:

Bug #1950268: New upstream microreleases 10.19 12.9 13.5, 14.1

		In	Importance	Status
1950268	New upstream microreleases 10.19 12.9 13.5, 14.1	postgresql-12 (Ubuntu)	Undecided	Invalid
1950268	New upstream microreleases 10.19 12.9 13.5, 14.1	postgresql-10 (Ubuntu)	Undecided	Invalid
1950268	New upstream microreleases 10.19 12.9 13.5, 14.1	postgresql-13 (Ubuntu)	Undecided	Invalid
1950268	New upstream microreleases 10.19 12.9 13.5, 14.1	postgresql-14 (Ubuntu)	Undecided	Invalid
1950268	New upstream microreleases 10.19 12.9 13.5, 14.1	postgresql-13 (Ubuntu Impish)	Undecided	Fix Released
1950268	New upstream microreleases 10.19 12.9 13.5, 14.1	postgresql-12 (Ubuntu Focal)	Undecided	Fix Released
1950268	New upstream microreleases 10.19 12.9 13.5, 14.1	postgresql-13 (Ubuntu Jammy)	Undecided	Won't Fix
1950268	New upstream microreleases 10.19 12.9 13.5, 14.1	postgresql-14 (Ubuntu Jammy)	Undecided	Fix Released
1950268	New upstream microreleases 10.19 12.9 13.5, 14.1	postgresql-13 (Ubuntu Hirsute)	Undecided	Fix Released
1950268	New upstream microreleases 10.19 12.9 13.5, 14.1	postgresql-10 (Ubuntu Bionic)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2021-23214

Related bugs and status

Related bugs

References