PgBouncer integer overflow in PgBouncer network packet parsing
Title source: cnaExploitation Summary
CVE-2026-6664 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including nicolasjulian.
AI-analyzed exploit summary This repository contains a functional proof-of-concept exploit for CVE-2026-6664, demonstrating a PgBouncer crash via an integer overflow in the `mbuf_get_bytes()` function. The exploit leverages a malformed SASL initial response to trigger a denial-of-service condition in PgBouncer versions <= 1.25.1.
Description
An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote attacker can crash PgBouncer with a malformed SCRAM authentication packet.
Exploits (1)
This repository contains a functional proof-of-concept exploit for CVE-2026-6664, demonstrating a PgBouncer crash via an integer overflow in the `mbuf_get_bytes()` function. The exploit leverages a malformed SASL initial response to trigger a denial-of-service condition in PgBouncer versions <= 1.25.1.
References (1)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H