PgBouncer Integer Overflow Vulnerability in SCRAM Authentication Packet Parsing Leading to Denial-of-Service

Vulnerability

An integer overflow in the network packet parsing code of PgBouncer versions prior to 1.25.2 can bypass a boundary check and crash the process. An unauthenticated remote attacker can trigger it by sending a malformed SCRAM authentication packet, resulting in a denial of service.
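As an added illustration of the bug class named above (constructed here, not PgBouncer's code, and making no claim about its actual parser), the C below contrasts a length check written as `header + declared`, which can wrap in 32 bits and pass, with the subtraction form that cannot. The 4-byte big-endian length header is an assumed toy format.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed toy format (an assumption, not PgBouncer's wire format):
 * a 4-byte big-endian length field followed by that many payload bytes. */
#define HDR_LEN 4u

static uint32_t read_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Overflow-prone form: HDR_LEN + declared is computed in 32 bits, so a
 * declared length near UINT32_MAX wraps to a small value and the check
 * passes even though the payload is not in the buffer. */
bool check_unsafe(const uint8_t *pkt, size_t pkt_len)
{
    if (pkt_len < HDR_LEN)
        return false;
    uint32_t declared = read_be32(pkt);
    uint32_t needed = HDR_LEN + declared; /* can wrap */
    return needed <= pkt_len;
}

/* Hardened form: compare the declared length against the space that remains
 * after the header. pkt_len - HDR_LEN cannot underflow after the guard. */
bool check_safe(const uint8_t *pkt, size_t pkt_len)
{
    if (pkt_len < HDR_LEN)
        return false;
    uint32_t declared = read_be32(pkt);
    return declared <= pkt_len - HDR_LEN;
}

int main(void)
{
    /* Constructed sample: 16-byte buffer whose header declares 0xFFFFFFFE. */
    uint8_t wrap[16] = {0xFF, 0xFF, 0xFF, 0xFE};
    printf("unsafe check: %s\n",
           check_unsafe(wrap, sizeof wrap) ? "passes (bug)" : "rejects");
    printf("safe check:   %s\n",
           check_safe(wrap, sizeof wrap) ? "passes" : "rejects");
    return 0;
}
```

The same subtraction pattern applies to any parser that validates a length field against a buffer: validate against remaining space rather than adding to attacker-controlled values.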

Impact

Exploitation of this vulnerability causes PgBouncer to crash, disrupting service.

Remediation

Upgrade to PgBouncer version 1.25.2 or later, which fixes this vulnerability.

Added: May 9, 2026, 1:19 AM
Updated: May 9, 2026, 1:19 AM

Vulnerability Rating

Custom Algorithm

spread: 5.7
impact: 2.5
exploitability: 7.0
remediation: 7.7
relevance: 7.8
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.