CVE-2023-31136

PostgresNIO is a Swift client for PostgreSQL. Any user of PostgresNIO prior to version 1.14.2 connecting to servers with TLS enabled is vulnerable to a man-in-the-middle attacker injecting false responses to the client's first few queries, despite the use of TLS certificate verification and encryption. The vulnerability is addressed in PostgresNIO versions starting from 1.14.2. There are no known workarounds for unpatched users.
Configurations

Configuration 1 (hide)

cpe:2.3:a:vapor:postgresnio:*:*:*:*:*:postgresql:*:*

History

21 Nov 2024, 08:01

Type Values Removed Values Added
References () https://github.com/advisories/GHSA-467w-rrqc-395f - Not Applicable () https://github.com/advisories/GHSA-467w-rrqc-395f - Not Applicable
References () https://github.com/advisories/GHSA-735f-7qx4-jqq5 - Not Applicable () https://github.com/advisories/GHSA-735f-7qx4-jqq5 - Not Applicable
References () https://github.com/apple/swift-nio/pull/2419 - Patch () https://github.com/apple/swift-nio/pull/2419 - Patch
References () https://github.com/vapor/postgres-nio/commit/2df54bc94607f44584ae6ffa74e3cd754fffafc7 - Patch () https://github.com/vapor/postgres-nio/commit/2df54bc94607f44584ae6ffa74e3cd754fffafc7 - Patch
References () https://github.com/vapor/postgres-nio/releases/tag/1.14.2 - Release Notes () https://github.com/vapor/postgres-nio/releases/tag/1.14.2 - Release Notes
References () https://github.com/vapor/postgres-nio/security/advisories/GHSA-9cfh-vx93-84vv - Vendor Advisory () https://github.com/vapor/postgres-nio/security/advisories/GHSA-9cfh-vx93-84vv - Vendor Advisory
References () https://www.postgresql.org/support/security/CVE-2021-23214/ - Not Applicable () https://www.postgresql.org/support/security/CVE-2021-23214/ - Not Applicable
References () https://www.postgresql.org/support/security/CVE-2021-23222/ - Not Applicable () https://www.postgresql.org/support/security/CVE-2021-23222/ - Not Applicable
CVSS v2 : unknown
v3 : 5.9
v2 : unknown
v3 : 3.7

16 May 2023, 16:43

Type Values Removed Values Added
References (MISC) https://github.com/advisories/GHSA-735f-7qx4-jqq5 - (MISC) https://github.com/advisories/GHSA-735f-7qx4-jqq5 - Not Applicable
References (MISC) https://github.com/vapor/postgres-nio/releases/tag/1.14.2 - (MISC) https://github.com/vapor/postgres-nio/releases/tag/1.14.2 - Release Notes
References (MISC) https://github.com/advisories/GHSA-467w-rrqc-395f - (MISC) https://github.com/advisories/GHSA-467w-rrqc-395f - Not Applicable
References (MISC) https://github.com/apple/swift-nio/pull/2419 - (MISC) https://github.com/apple/swift-nio/pull/2419 - Patch
References (MISC) https://www.postgresql.org/support/security/CVE-2021-23214/ - (MISC) https://www.postgresql.org/support/security/CVE-2021-23214/ - Not Applicable
References (MISC) https://www.postgresql.org/support/security/CVE-2021-23222/ - (MISC) https://www.postgresql.org/support/security/CVE-2021-23222/ - Not Applicable
References (MISC) https://github.com/vapor/postgres-nio/commit/2df54bc94607f44584ae6ffa74e3cd754fffafc7 - (MISC) https://github.com/vapor/postgres-nio/commit/2df54bc94607f44584ae6ffa74e3cd754fffafc7 - Patch
References (MISC) https://github.com/vapor/postgres-nio/security/advisories/GHSA-9cfh-vx93-84vv - (MISC) https://github.com/vapor/postgres-nio/security/advisories/GHSA-9cfh-vx93-84vv - Vendor Advisory
CPE cpe:2.3:a:vapor:postgresnio:*:*:*:*:*:postgresql:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.9

09 May 2023, 14:30

Type Values Removed Values Added
New CVE

Information

Published : 2023-05-09 14:15

Updated : 2024-11-21 08:01


NVD link : CVE-2023-31136

Mitre link : CVE-2023-31136

CVE.ORG link : CVE-2023-31136


JSON object : View

Products Affected

vapor

  • postgresnio
CWE
CWE-522

Insufficiently Protected Credentials