CVE-2026-6664

PgBouncer · PgBouncer

An integer overflow in the network packet parsing code of PgBouncer may lead to service crashes or other undefined behavior.

Executive summary

An integer overflow vulnerability in PgBouncer's packet parsing logic can be exploited by an unauthenticated attacker to cause a denial-of-service condition.

Vulnerability

This is an integer overflow (CWE-190) occurring during the parsing of network packets. The vulnerability is remotely exploitable without authentication, potentially resulting in memory corruption or application termination.

Business impact

The primary risk associated with this vulnerability is a Denial of Service (DoS), which could disrupt database connectivity for dependent applications. While the impact is primarily on availability, the nature of the flaw could potentially be leveraged for more complex exploits. With a CVSS score of 7.5, the risk to system availability is significant enough to warrant prompt remediation.

Remediation

Immediate Action: Upgrade PgBouncer to version 1.25.2 or later to resolve the integer overflow in the packet parsing logic.

Proactive Monitoring: Monitor service uptime and error logs for frequent restarts or unexpected termination of the PgBouncer process.

Compensating Controls: Implement rate limiting and intrusion detection rules to filter malformed packets that might trigger the integer overflow.

Exploitation status

Public Exploit Available: Yes — a public proof-of-concept exists in the nicolasjulian/bouncer-overflow GitHub repository.

Analyst recommendation

Given the existence of a public proof-of-concept, the risk of exploitation is elevated. Organizations should prioritize updating to version 1.25.2 to prevent potential service disruptions and mitigate the risk of an attacker leveraging this flaw for further system exploitation.