PT-2026-39227 · Pgbouncer · Pgbouncer
Harutokimura For
Published: 2026-05-09
Updated: 2026-05-09
CVE-2026-6665
CVSS v3.1: 8.1 (High)
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
PgBouncer versions prior to 1.25.2
Description
The SCRAM code fails to correctly check the return value of the strlcat() function when constructing the SCRAM client-final-message. A malicious backend can trigger a stack overflow by sending a SCRAM server-final-message containing a long nonce.
Recommendations
Update to version 1.25.2 or later.
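The defect described above is a missing truncation check. The following added example (illustrative code written for this page, not PgBouncer's own source) shows the pattern a client-final-message builder needs: the return value of every strlcat() call is compared against the buffer size, and a server-supplied nonce that would not fit is rejected instead of being carried forward. The message layout, buffer sizes and the local strlcat implementation are assumptions made for the example.

```c
#include <stdbool.h>
#include <string.h>

/* Local strlcat with BSD semantics (assumption: defined here so the example
 * builds without libbsd). Returns strlen(dst)+strlen(src), the length the
 * result would have had; a return value >= size means it was truncated. */
static size_t lcat(char *dst, const char *src, size_t size)
{
    const char *end = memchr(dst, '\0', size);
    size_t dlen = end ? (size_t)(end - dst) : size, slen = strlen(src);
    if (dlen == size)                 /* dst already fills the buffer */
        return size + slen;
    size_t room = size - dlen - 1;
    size_t n = slen < room ? slen : room;
    memcpy(dst + dlen, src, n);
    dst[dlen + n] = '\0';
    return dlen + slen;
}

/* The check the advisory describes as missing: compare the return value
 * with the buffer size after every call, not just the first one. */
static bool append_checked(char *buf, size_t size, const char *piece)
{
    return lcat(buf, piece, size) < size;
}

/* Build "c=biws,r=<nonce>,p=<proof>" (simplified layout, not PgBouncer's own
 * code) into a caller-supplied buffer; returns false rather than carrying on
 * with a truncated message when the server-supplied nonce is too long. */
bool build_client_final(char *buf, size_t size, const char *nonce, const char *proof)
{
    if (size == 0) return false;
    buf[0] = '\0';
    return append_checked(buf, size, "c=biws,r=")
        && append_checked(buf, size, nonce)
        && append_checked(buf, size, ",p=")
        && append_checked(buf, size, proof);
}

/* Test helper: a nonce of nonce_len 'a's against a 64-byte message buffer
 * (constructed size); returns 1 if the message fit, 0 if it was rejected. */
int nonce_fits(size_t nonce_len)
{
    char nonce[256], buf[64];
    if (nonce_len >= sizeof nonce) return 0;
    memset(nonce, 'a', nonce_len);
    nonce[nonce_len] = '\0';
    return build_client_final(buf, sizeof buf, nonce, "cHJvb2Y=") ? 1 : 0;
}
```

With the 64-byte buffer the fixed parts take 20 bytes plus the terminator, so a 43-byte nonce is the longest accepted and a 44-byte one is refused.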
Fix
Stack Overflow
Affected Products
Pgbouncer