CVE-2026-6664

Published: Mag 09, 2026 Last Modified: Mag 09, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 7,5

Source: f86ef6dc-4d3a-42ad-8f28-e6d5547a5007

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: none

Integrity: none

Availability: high

Description

AI Translation Available

An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote attacker can crash PgBouncer with a malformed SCRAM authentication packet.

190

Integer Overflow or Wraparound

Stable

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Availability Integrity Confidentiality Access Control Other

Potential Impacts:

Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Memory) Dos: Instability Modify Memory Execute Unauthorized Code Or Commands Bypass Protection Mechanism Alter Execution Logic Dos: Resource Consumption (Cpu)

Applicable Platforms

Languages: C, Not Language-Specific

Likelihood of Exploit: Medium

View CWE Details

https://www.pgbouncer.org/changelog.html#pgbouncer-125x

CVE-2026-6664

Description

Integer Overflow or Wraparound

Common Consequences

Applicable Platforms

Iscriviti alla newsletter