CVE-2026-6664

Summary

An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote attacker can crash PgBouncer with a malformed SCRAM authentication packet.

Affected Software

VendorProductVersion RangeStatus
n/aPgBouncer0 < 1.25.2affected

Weaknesses

  • CWE-190: Integer Overflow or Wraparound

Workarounds

Do not configure SCRAM for client authentication

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References