CVE-2023-31136

PostgresNIO processes unencrypted bytes from man-in-the-middle

CVSS 3.7 LOW · EPSS 0.5% · CWE-522
In short

PostgresNIO, a Swift PostgreSQL client, fails to properly verify TLS connections before processing server responses, allowing attackers on the network to intercept and inject fake data into the first queries sent by the client. This undermines the protection that TLS encryption is supposed to provide.

Technical detail

The vulnerability exists in PostgresNIO versions before 1.14.2: the client processes unencrypted or unverified bytes from the server before TLS handshake validation has completed. An attacker positioned as a man-in-the-middle can therefore inject forged responses to the client's first queries, exploiting this insufficient verification of TLS session initialization. The attack requires a man-in-the-middle position on the network path, but it bypasses certificate verification, because the injected bytes are consumed before the TLS session that would have authenticated them is established.

Summary generated and translated by AI from the official description.
PostgresNIO is a Swift client for PostgreSQL. Any user of PostgresNIO prior to version 1.14.2 connecting to servers with TLS enabled is vulnerable to a man-in-the-middle attacker injecting false responses to the client's first few queries, despite the use of TLS certificate verification and encryption. The vulnerability is addressed in PostgresNIO versions starting from 1.14.2. There are no known workarounds for unpatched users.
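As an added illustration (not PostgresNIO's own code), the following Python models the protocol step the Technical detail above describes: a PostgreSQL client opens with an 8-byte SSLRequest, and the server's reply is exactly one byte ('S' or 'N'), so any plaintext that arrives bundled with that byte has not been authenticated by TLS. The specific mechanism shown (trailing bytes delivered alongside the 'S' reply) is an assumption about this bug class, and the injected message is constructed for the example.

```python
import struct

# PostgreSQL SSLRequest: int32 length (8) + int32 code 80877103 (1234 << 16 | 5679).
SSL_REQUEST_CODE = 80877103
SSL_REQUEST = struct.pack("!ii", 8, SSL_REQUEST_CODE)

# Constructed sample: the server's 'S' ("start TLS") reply with a forged plaintext
# ReadyForQuery message (type 'Z', length 5, status 'I') appended by an on-path attacker.
FORGED_READY = b"Z" + struct.pack("!i", 5) + b"I"
INJECTED_REPLY = b"S" + FORGED_READY


def parse_backend_messages(buf: bytes) -> list:
    """Split plaintext backend messages: 1 type byte + int32 length (self-inclusive) + body."""
    out = []
    while len(buf) >= 5:
        msg_type = chr(buf[0])
        length = struct.unpack("!i", buf[1:5])[0]
        out.append((msg_type, buf[5:1 + length]))
        buf = buf[1 + length:]
    return out


def vulnerable_handle(reply: bytes) -> tuple:
    """Bug class: treats 'S' as the cue to start TLS but keeps parsing whatever
    plaintext followed it as genuine server messages. The forged ReadyForQuery
    would be matched against the client's first query before TLS exists."""
    mode = "start_tls" if reply[:1] == b"S" else "plaintext"
    return (mode, parse_backend_messages(reply[1:]))


def hardened_handle(reply: bytes) -> tuple:
    """Fix: the reply to SSLRequest is a single byte. Anything beyond it arrived
    before the handshake, cannot be attributed to the verified server, and must
    abort the connection instead of being buffered for later processing."""
    if reply == b"S":
        return ("start_tls", [])
    if reply == b"N":
        return ("server_declined_tls", [])
    return ("reject", [])
```

The same rule applies in the other direction: a client must not send its own startup or query bytes until the TLS handshake has completed and the certificate has been verified.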
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected products
vapor · postgres-nio
