9.8
PgBouncer SCRAM overflow due to unchecked strlcat() return value
DEBIAN-CVE-2026-6665
Summary
A bug in PgBouncer's SCRAM code can cause a stack overflow if a malicious backend sends a long nonce. This can potentially allow an attacker to crash the PgBouncer service. To fix this, update to version 1.25.2 or later.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Debian:11 | debian | pgbouncer | All versions |
| Debian:12 | debian | pgbouncer | All versions |
| Debian:13 | debian | pgbouncer | All versions |
| Debian:14 | debian | pgbouncer | All versions |
Original title
The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat() correctly when building the contents of the SCRAM client-final-message. A malicious backend that sends a SCRAM ...
Original description
The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat() correctly when building the contents of the SCRAM client-final-message. A malicious backend that sends a SCRAM server-final-message with a long nonce can trigger a stack overflow.
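The following is an added illustration, not PgBouncer's code: a client-final-message builder that checks every strlcat() return value against the buffer size and fails closed when the peer-supplied nonce would not fit in the stack buffer. The bundled BSD-style strlcat, the helper names and the message layout are assumptions for the example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* BSD-style strlcat, bundled so the example builds on libcs without it.
 * Appends src to dst (capacity dsize), always NUL-terminates when dsize > 0,
 * and returns the length it TRIED to create: strlen(dst) + strlen(src).
 * A return value >= dsize means the result was truncated. */
static size_t my_strlcat(char *dst, const char *src, size_t dsize)
{
    size_t dlen = 0;
    while (dlen < dsize && dst[dlen] != '\0')
        dlen++;
    size_t slen = strlen(src);
    if (dlen == dsize)
        return dsize + slen;            /* dst was not terminated within dsize */
    size_t room = dsize - dlen - 1;     /* bytes left before the terminator */
    size_t n = slen < room ? slen : room;
    memcpy(dst + dlen, src, n);
    dst[dlen + n] = '\0';
    return dlen + slen;
}

/* Append one piece and report truncation instead of silently ignoring it. */
static bool append_checked(char *buf, size_t bufsize, const char *piece)
{
    return my_strlcat(buf, piece, bufsize) < bufsize;
}

/* Build "c=biws,r=<nonce>,p=<proof>" into a fixed-size buffer. The nonce is
 * peer-supplied and untrusted, so every append is checked and the first
 * truncation aborts the build. Returns 0 on success, -1 if it did not fit. */
int build_client_final(char *out, size_t outsize,
                       const char *nonce, const char *proof)
{
    if (outsize == 0)
        return -1;
    out[0] = '\0';
    if (!append_checked(out, outsize, "c=biws,r=")) return -1;
    if (!append_checked(out, outsize, nonce))       return -1;
    if (!append_checked(out, outsize, ",p="))       return -1;
    if (!append_checked(out, outsize, proof))       return -1;
    return 0;
}

int main(void)
{
    char msg[128], big[300];                 /* constructed inputs */
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    printf("short nonce -> %d\n", build_client_final(msg, sizeof msg, "rOprNGfwEbeRWgbNEkqO", "proof"));
    printf("long nonce  -> %d\n", build_client_final(msg, sizeof msg, big, "proof"));
    return 0;
}
```

Without the return-value check, a strlcat chain never writes past the buffer by itself, but the caller is left with a silently truncated message and a "length" it may then use as an offset; checking `< bufsize` after each call is what turns the oversized nonce into a clean connection failure.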
osv CVSS3.1: 8.1
- https://security-tracker.debian.org/tracker/CVE-2026-6665 Vendor Advisory
Published: 9 May 2026 · Updated: 15 May 2026 · First seen: 9 May 2026