Description
An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote attacker can crash PgBouncer with a malformed SCRAM authentication packet.
Published: 2026-05-09
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an integer overflow in the network packet parsing logic of PgBouncer before version 1.25.2. When a malformed SCRAM authentication packet is received, the boundary check is bypassed and the process crashes. This flaw is classified as CWE‑190 – Integer Overflow or Wraparound. The impact is a loss of service: PgBouncer terminates, potentially disrupting database connections for all clients that rely on it. There is no direct evidence of data exfiltration or privilege escalation; the flaw chiefly allows attackers to cause a service‑level denial of service.

Affected Systems

PgBouncer deployments running any version prior to 1.25.2 are affected. This includes 1.24.x and older releases. The issue manifests during network packet parsing for client authentication, specifically when SCRAM authentication is enabled.

Risk and Exploitability

The CVSS score of 7.5 indicates a high severity DoS potential. EPSS is not available, so the likelihood of exploitation in the wild is unknown, but the flaw can be triggered remotely by an unauthenticated attacker who can send a crafted packet to the listening port. As it is not listed in CISA's KEV catalog, there is no current evidence of widespread exploitation. Attackers do not need elevated privileges; simply interacting with the PgBouncer service over the network suffices to cause the crash.

Generated by OpenCVE AI on May 9, 2026 at 03:17 UTC.

Remediation

Vendor Workaround

Do not configure SCRAM for client authentication

OpenCVE Recommended Actions

  • Update PgBouncer to version 1.25.2 or newer to eliminate the integer overflow in packet parsing.
  • If an immediate upgrade is not feasible, remove SCRAM authentication configuration for clients to prevent malformed SCRAM packets from being processed.
  • Audit your database connectivity and PgBouncer logs to detect unintended crashes or authentication errors, and enable rate limiting or firewall rules to limit repeated malformed packet attempts.

Generated by OpenCVE AI on May 9, 2026 at 03:17 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 09 May 2026 02:45:00 +0000

Type Values Removed Values Added
First Time appeared Pgbouncer
Pgbouncer pgbouncer
Vendors & Products Pgbouncer
Pgbouncer pgbouncer

Sat, 09 May 2026 01:15:00 +0000

Type Values Removed Values Added
Description An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote attacker can crash PgBouncer with a malformed SCRAM authentication packet.
Title PgBouncer integer overflow in PgBouncer network packet parsing
Weaknesses CWE-190
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Pgbouncer Pgbouncer
cve-icon MITRE

Status: PUBLISHED

Assigner: PostgreSQL

Published:

Updated: 2026-05-09T00:43:42.640Z

Reserved: 2026-04-20T12:25:43.095Z

Link: CVE-2026-6664

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-09T01:16:08.863

Modified: 2026-05-09T01:16:08.863

Link: CVE-2026-6664

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-09T03:30:24Z

Weaknesses