Sehrope

**Name of the Vulnerable Software and Affected Versions** pgjdbc versions 42.2.0 through 42.7.10 **Description** A client-side denial of service occurs during SCRAM-SHA-256 authentication. A malicious server can force the driver to execute SCRAM authentication using an excessively large iteration count, causing the client to consume an unbounded amount of CPU time within the PBKDF2 (Password-Based Key Derivation Function 2) process. This can tie up a CPU core per attempt, and concurrent attempts may exhaust client CPU resources and freeze connection pools. The `loginTimeout` parameter does not fully mitigate this issue, as the worker thread may continue the PBKDF2 computation even after the timeout expires. **Recommendations** Update to version 42.7.11.

**Name of the Vulnerable Software and Affected Versions** WAL-G versions prior to 1.1 **Description** The issue arises when a non-libsodium build of WAL-G is used, causing it to silently ignore the libsodium encryption key and upload backups in cleartext. This behavior is considered a violation of the Principle of Least Surprise, as users likely intend to encrypt all file activity. **Recommendations** For versions prior to 1.1, update to version 1.1 or later to ensure that backups are properly encrypted. As a temporary workaround, consider avoiding the use of non-libsodium builds until a secure version is available.

Name of the Vulnerable Software and Affected Versions: pg versions prior to 2.11.2 pg versions prior to 3.6.4 pg versions prior to 4.5.7 pg versions prior to 5.2.1 pg versions prior to 6.4.2 pg versions prior to 7.1.2 Description: A remote code execution issue was found in the pg module when a remote database or query specifies a specially crafted column name. There are two likely scenarios in which one would be vulnerable: executing unsafe, user-supplied SQL that contains a malicious column name, or connecting to an untrusted database and executing a query that returns results where any of the column names are malicious. Recommendations: * Version 2.x.x: Update to version 2.11.2 or later. * Version 3.x.x: Update to version 3.6.4 or later. * Version 4.x.x: Update to version 4.5.7 or later. * Version 5.x.x: Update to version 5.2.1 or later. * Version 6.x.x: Update to version 6.4.2 or later. * Version 7.x.x: Update to version 7.1.2 or later.