When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. This is similar to CVE-2011-0411 (different product).
The PostgreSQL project thanks Jacob Champion for reporting this problem.
| Affected Version | Fixed In | Fix Published |
|---|---|---|
| 14 | 14.1 | Nov. 11, 2021 |
| 13 | 13.5 | Nov. 11, 2021 |
| 12 | 12.9 | Nov. 11, 2021 |
| 11 | 11.14 | Nov. 11, 2021 |
| 10 | 10.19 | Nov. 11, 2021 |
| 9.6 | 9.6.24 | Nov. 11, 2021 |
For more information about PostgreSQL versioning, please visit the versioning page.
| Overall Score | 8.1 |
|---|---|
| Component | core server |
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
If you wish to report a new security vulnerability in PostgreSQL, please send an email to security@postgresql.org.
For reporting non-security bugs, please see the Report a Bug page.