CVE-2021-3935 - log

CVE-2021-3935 edited at 04 Apr 2022 22:28:29
References
https://github.com/pgbouncer/pgbouncer/commit/e4453c9151a2f5af0a9cb049b302a3f9f9654453
+ https://www.pgbouncer.org/changelog.html#pgbouncer-116x
CVE-2021-3935 edited at 22 Nov 2021 17:29:36
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Man-in-the-middle
Description
+ A security issue has been found in PgBouncer before version 1.16.1. A man-in-the-middle with the ability to inject data into the TCP connection could stuff some cleartext data into the start of a supposedly encryption-protected database session. This could be abused to send faked SQL commands to the server, although that would only work if PgBouncer did not demand any authentication data. (However, a PgBouncer setup relying on SSL certificate authentication might well not do so.)
References
+ https://github.com/pgbouncer/pgbouncer/commit/e4453c9151a2f5af0a9cb049b302a3f9f9654453
Notes
CVE-2021-3935 created at 22 Nov 2021 17:26:12