CVE-2021-3935

When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption. This flaw affects PgBouncer versions prior to 1.16.1.

Published: Nov 22, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-3935
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.1
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P

CWEs:

CWE-295
CWE-89

OWASP TOP 10:

A3 - Sensitive Data Exposure
A1 - Injection

Affected Software
References

Software	From	Fixed in
pgbouncer / pgbouncer	-	1.16.1
redhat / enterprise_linux	7.0	7.0.x
fedoraproject / fedora	35	35.x
debian / debian_linux	9.0	9.0.x

http://www.pgbouncer.org/changelog.html#pgbouncer-116x
https://bugzilla.redhat.com/show_bug.cgi?id=2021251
https://lists.debian.org/debian-lts-announce/2022/02/msg00016.html
https://lists.fedoraproject.org/archives/list/[email protected]/message/TNPCV3KRDI5PLLLKADFVIOHACQJLZMLI/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNPCV3KRDI5PLLLKADFVIOHACQJLZMLI/

Vulnerability Database

289,599

CVE-2021-3935