CVE-2021-3935 — SQL Injection in Pgbouncer

CWE-89 — SQL Injection CWE-295 — Improper Certificate Validation6 documents6 sources

Severity

8.1HIGHNVD

EPSS

0.1%

top 65.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pgbouncer Debian Linux Fedoraproject Fedora +1 more

Timeline

PublishedNov 22

Latest updateMay 24

Description

When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption. This flaw affects PgBouncer versions prior to 1.16.1.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages3 packages

▶NVDpgbouncer/pgbouncer< 1.16.1

▶Debianpgbouncer/pgbouncer< 1.15.0-1+deb11u1+3

▶CVEListV5pgbouncer/pgbouncerPgBouncer 1.16.1

Also affects: Debian Linux 9.0, Fedora 35, Enterprise Linux 7.0

🔴Vulnerability Details

GHSA

GHSA-jh4v-gqwq-hfrr: When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first es↗2022-05-24

▶

OSV

CVE-2021-3935: When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first es↗2021-11-22

▶

CVEList

CVE-2021-3935: When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first es↗2021-11-22

▶

📋Vendor Advisories

Microsoft

When PgBouncer is configured to use "cert" authentication a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established despite the use of TLS certificate verifi↗2021-11-09

▶

Debian

CVE-2021-3935: pgbouncer - When PgBouncer is configured to use "cert" authentication, a man-in-the-middle a...↗2021

▶