CVE-2021-23222
5.9
MEDIUM
CVSS 3.1
EPSS 0.28%
Description
A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption.
How to fix CVE-2021-23222
To remediate CVE-2021-23222, upgrade the affected package to a fixed version below.
- Alpine/postgresql—upgrade to 12.9-r0 or later
- Alpine/postgresql13—upgrade to 13.5-r0 or later
- —upgrade to 14.1-r0 or later
- —upgrade to 14.1-r0 or later
- —upgrade to 9.6.24 or later
- —upgrade to 13.5-0+deb11u1 or later
Is CVE-2021-23222 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (6)
- from 0, < 12.9-r0
- from 0, < 13.5-r0
- from 0, < 14.1-r0
- from 0, < 14.1-r0
- >= 9.6.0, < 9.6.24, >= 10.0.0, < 10.19.0, >= 11.0.0, < 11.14.0, >= 12.0.0, < 12.9.0, >= 13.0.0, < 13.5.0, >= 14.0.0, < 14.0.1
- from 0, < 13.5-0+deb11u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |