vulnerability
Huawei EulerOS: CVE-2021-43767: postgresql-10.5 security update
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:N/I:C/A:N) | Aug 25, 2022 | Feb 9, 2023 | Aug 13, 2025 |
Severity
7
CVSS
(AV:N/AC:M/Au:N/C:N/I:C/A:N)
Published
Aug 25, 2022
Added
Feb 9, 2023
Modified
Aug 13, 2025
Description
Odyssey passes to client unencrypted bytes from man-in-the-middle When Odyssey storage is configured to use the PostgreSQL server using 'trust' authentication with a 'clientcert' requirement or to use 'cert' authentication, a man-in-the-middle attacker can inject false responses to the client's first few queries. Despite the use of SSL certificate verification and encryption, Odyssey will pass these results to client as if they originated from valid server. This is similar to CVE-2021-23222 for PostgreSQL.
Solutions
huawei-euleros-2_0_sp8-upgrade-postgresqlhuawei-euleros-2_0_sp8-upgrade-postgresql-contribhuawei-euleros-2_0_sp8-upgrade-postgresql-develhuawei-euleros-2_0_sp8-upgrade-postgresql-docshuawei-euleros-2_0_sp8-upgrade-postgresql-libshuawei-euleros-2_0_sp8-upgrade-postgresql-plperlhuawei-euleros-2_0_sp8-upgrade-postgresql-plpythonhuawei-euleros-2_0_sp8-upgrade-postgresql-pltclhuawei-euleros-2_0_sp8-upgrade-postgresql-serverhuawei-euleros-2_0_sp8-upgrade-postgresql-test
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.