221 matches found
CVE-2026-6664 PgBouncer integer overflow in PgBouncer network packet parsing
An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote attacker can crash PgBouncer with a malformed SCRAM authentication packet...
CVE-2026-6664
An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote attacker can crash PgBouncer with a malformed SCRAM authentication packet...
EUVD-2026-28876
An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote attacker can crash PgBouncer with a malformed SCRAM authentication packet...
PT-2026-39227
Name of the Vulnerable Software and Affected Versions PgBouncer versions prior to 1.25.2 Description The SCRAM code fails to correctly check the return value of the strlcat function when constructing the SCRAM client-final-message. A malicious backend can trigger a stack overflow by sending a SCR...
PgBouncer input validation error vulnerability
PgBouncer is an open-source, lightweight connection pool for PostgreSQL developed by the PgBouncer community. Prior to PgBouncer 1.25.2, there was a vulnerability related to input validation errors. This vulnerability stemmed from integer overflows in the network packet parsing code, which allowe...
PgBouncer security vulnerability
PgBouncer is an open-source, lightweight connection pool for PostgreSQL developed by the PgBouncer community. Versions of PgBouncer prior to 1.25.2 contained security vulnerabilities. These vulnerabilities stemmed from incorrect checks on the return value of strlcat during the construction of SCR...
Net::IMAP security vulnerability
Net::IMAP is a Ruby client API for the IMAP message access protocol, developed by Ruby Open Source. There were security vulnerabilities in versions of Net::IMAP between 0.4.0 and 0.4.24, 0.5.0 and 0.5.14, and 0.6.0 and 0.6.4. These vulnerabilities stemmed from the use of SCRAM-SHA1 or SCRAM-SHA25...
Linux Distros Unpatched Vulnerability : CVE-2026-6664
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote...
Linux Distros Unpatched Vulnerability : CVE-2026-6665
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat correctly when building the contents of the SCRAM client-final-message. A...
PT-2026-39226
Name of the Vulnerable Software and Affected Versions PgBouncer versions prior to 1.25.2 Description An integer overflow in the network packet parsing code allows an unauthenticated remote attacker to bypass a boundary check. By sending a malformed SCRAM authentication packet, the attacker can...
Ruby net-imap 0.4.x < 0.4.24 / 0.5.x < 0.5.14 / 0.6.x < 0.6.4 vulnerability
The version of the net-imap Ruby library installed on the remote host is 0.4.x prior to 0.4.24, 0.5.x prior to 0.5.14, or 0.6.x prior to 0.6.4. It is, therefore, affected by a computational denial-of-service vulnerability. A denial of service vulnerability exists when authenticating a...
SUSE CVE-2026-42198
pgjdbc is an open source PostgreSQL JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. A malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count...
pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS
Summary pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. Impact A malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count. With a large enough value, the client spends an unbounded amount of CPU time...
GHSA-98QH-XJC8-98PQ pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS
Summary pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. Impact A malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count. With a large enough value, the client spends an unbounded amount of CPU time...
EUVD-2026-26247
pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS...
CVE-2026-42198
A flaw was found in pgjdbc, an open-source PostgreSQL JDBC Driver. A malicious server can exploit this vulnerability by instructing the driver to perform SCRAM-SHA-256 (Salted Challenge Response Authentication Mechanism with Secure Hash Algorithm 256) authentication with an excessively large iteration...
GHSA-87PF-FPWV-P7M7 net-imap vulnerable to denial of service via high iteration count for `SCRAM-*` authentication
Summary When authenticating a connection with SCRAM-SHA1 or SCRAM-SHA256, a hostile server can perform a computational denial-of-service attack on the client process by sending a big iteration count value. Details A hostile IMAP server can send an arbitrarily large PBKDF2 iteration count in the...
Use of Blocking Code in Single-threaded, Non-blocking Context
Overview Affected versions of this package are vulnerable to Use of Blocking Code in Single-threaded, Non-blocking Context through the OpenSSL::KDF.pbkdf2hmac function during SCRAM authentication. An attacker can cause the Ruby client VM to become unresponsive by sending a large iteration count...