Description
It was found that a PostgreSQL server could accept plain text data during the establishment of an SSL connection. When a user requests certificate-based authentication, an active Person in the Middle could use this flaw to inject arbitrary SQL commands.
Solution(s)
huawei-euleros-2_0_sp3-upgrade-postgresql
huawei-euleros-2_0_sp3-upgrade-postgresql-contrib
huawei-euleros-2_0_sp3-upgrade-postgresql-devel
huawei-euleros-2_0_sp3-upgrade-postgresql-docs
huawei-euleros-2_0_sp3-upgrade-postgresql-libs
huawei-euleros-2_0_sp3-upgrade-postgresql-plperl
huawei-euleros-2_0_sp3-upgrade-postgresql-plpython
huawei-euleros-2_0_sp3-upgrade-postgresql-pltcl
huawei-euleros-2_0_sp3-upgrade-postgresql-server
huawei-euleros-2_0_sp3-upgrade-postgresql-test
References
https://attackerkb.com/topics/cve-2021-23214
CVE-2021-23214
EulerOS-SA-2022-1182