CVE-2026-6665
SCRAM Stack Overflow in PgBouncer
Publication date: 2026-05-09
Last updated on: 2026-05-09
Assigner: PostgreSQL
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| pgbouncer | pgbouncer | before 1.25.2 (1.25.2 excluded) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability exists in the SCRAM code of PgBouncer versions before 1.25.2. It occurs because the code did not correctly check the return value of the strlcat() function when constructing the SCRAM client-final-message. This flaw allows a malicious backend to send a specially crafted SCRAM server-final-message containing a long nonce, which can trigger a stack overflow.
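The pattern behind the fix, as an added example that is not PgBouncer's code: a client-final-message builder into a fixed-size stack buffer where every strlcat-style append is checked, so an oversized server-supplied nonce is refused instead of driving later writes past the buffer. The local lcat() copy of the BSD strlcat contract, the message layout and the sample values are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Local copy of the BSD strlcat contract (assumption: stands in for the libc
 * function the advisory names). Returns the length the result WOULD have had,
 * which can exceed dst_size; that return value must be checked and never
 * reused as a write offset without the check. */
static size_t lcat(char *dst, const char *src, size_t dst_size)
{
    size_t dlen = 0, slen = strlen(src), room, n;
    while (dlen < dst_size && dst[dlen] != '\0') dlen++;
    if (dlen == dst_size)               /* dst not terminated within dst_size */
        return dst_size + slen;
    room = dst_size - dlen - 1;
    n = slen < room ? slen : room;
    memcpy(dst + dlen, src, n);
    dst[dlen + n] = '\0';
    return dlen + slen;                 /* >= dst_size means truncated */
}

/* Append and fail loudly instead of silently truncating. */
static int append_checked(char *dst, const char *src, size_t dst_size)
{
    return lcat(dst, src, dst_size) < dst_size ? 0 : -1;
}

/* Build "c=<cbind>,r=<nonce>,p=<proof>" into a fixed-size buffer. Each append
 * is checked, so a nonce that does not fit is rejected before any further
 * write depends on the buffer's assumed length. */
int build_client_final(char *out, size_t out_size, const char *cbind,
                       const char *nonce, const char *proof)
{
    if (out_size == 0) return -1;
    out[0] = '\0';
    if (append_checked(out, "c=", out_size) || append_checked(out, cbind, out_size) ||
        append_checked(out, ",r=", out_size) || append_checked(out, nonce, out_size) ||
        append_checked(out, ",p=", out_size) || append_checked(out, proof, out_size))
        return -1;
    return 0;
}

int main(void)
{
    char buf[64], long_nonce[256];             /* stack buffer, as in the advisory */
    memset(long_nonce, 'A', sizeof long_nonce - 1);
    long_nonce[sizeof long_nonce - 1] = '\0';  /* constructed oversized nonce */
    printf("short nonce -> %d: %s\n", build_client_final(buf, sizeof buf, "biws", "r1", "p1"), buf);
    printf("long nonce  -> %d (rejected)\n", build_client_final(buf, sizeof buf, "biws", long_nonce, "p1"));
    return 0;
}
```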
How can this vulnerability impact me?
This vulnerability can lead to a stack overflow, which may allow an attacker to execute arbitrary code, cause a denial of service, or compromise the integrity and availability of the PgBouncer service. Given the CVSS score of 8.1, the impact includes high confidentiality, integrity, and availability risks.