apk package
chainguard/pgbouncer-iamguarded-compat
pkg:apk/chainguard/pgbouncer-iamguarded-compat
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-6667 | Med | 4.3 | | < 1.25.2-r0 | 1.25.2-r0 | May 9, 2026 | PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILL_CLIENT admin command. All users with access to the administration console (which itself requires authorization) could run this command. It would have been correct to allow only users listed in |
| CVE-2026-6666 | Med | 5.9 | | < 1.25.2-r0 | 1.25.2-r0 | May 9, 2026 | A possible null pointer dereference in PgBouncer before 1.25.2 could lead to a crash if a server sends an error response without a SQLSTATE field. |
| CVE-2026-6665 | High | 8.1 | | < 1.25.2-r0 | 1.25.2-r0 | May 9, 2026 | The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat() correctly when building the contents of the SCRAM client-final-message. A malicious backend that sends a SCRAM server-final-message with a long nonce can trigger a stack overflow. |
| CVE-2026-6664 | High | 7.5 | | < 1.25.2-r0 | 1.25.2-r0 | May 9, 2026 | An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote attacker can crash PgBouncer with a malformed SCRAM authentication packet. |
| CVE-2025-12819 | — | — | | < 1.25.1-r0 | 1.25.1-r0 | Dec 3, 2025 | Untrusted search path in the auth_query connection handler in PgBouncer before 1.25.1 allows an unauthenticated attacker to execute arbitrary SQL during authentication via a malicious search_path parameter in the StartupMessage. |
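The table gives one fixed apk release per CVE group: 1.25.1-r0 for CVE-2025-12819 and 1.25.2-r0 for the four May 2026 issues. As an added example that is not part of this page or of the Chainguard or PgBouncer projects, the POSIX shell script below compares an installed `pgbouncer-iamguarded-compat` version against those two releases and prints which groups are still open. The function names are mine; it assumes an apk-based image where `apk info -v` prints `name-version` lines and a `sort` that understands `-V` (GNU coreutils or a recent busybox).

```shell
#!/bin/sh
# Fixed apk releases taken from the vulnerability table.
FIXED_SCRAM_SET="1.25.2-r0"     # CVE-2026-6664, -6665, -6666, -6667
FIXED_SEARCH_PATH="1.25.1-r0"   # CVE-2025-12819
PKG="pgbouncer-iamguarded-compat"

# version_lt A B: succeed when A sorts strictly before B in version order.
# Relies on `sort -V`, which orders 1.25.1-r0 < 1.25.2-r0 < 1.25.2-r1.
version_lt() {
    [ "$1" = "$2" ] && return 1
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# is_affected INSTALLED FIXED: succeed when INSTALLED is below the fixed release.
is_affected() {
    version_lt "$1" "$2"
}

# installed_version: print the installed version of $PKG, or nothing if absent.
# Assumption: `apk info -v` emits lines of the form name-version (pkg-1.25.2-r0).
# Images that ship without the apk CLI need the version taken from their SBOM.
installed_version() {
    apk info -v 2>/dev/null | sed -n "s/^${PKG}-\([0-9][^ ]*\)\$/\1/p" | head -n 1
}

# report VERSION: one verdict line per CVE group; succeed only if nothing is open.
report() {
    open=0
    if is_affected "$1" "$FIXED_SEARCH_PATH"; then
        echo "$1: open CVE-2025-12819 (auth_query search_path), fixed in $FIXED_SEARCH_PATH"
        open=1
    fi
    if is_affected "$1" "$FIXED_SCRAM_SET"; then
        echo "$1: open CVE-2026-6664/6665/6666/6667 (SCRAM parsing, SQLSTATE, KILL_CLIENT), fixed in $FIXED_SCRAM_SET"
        open=1
    fi
    [ "$open" -eq 0 ] && echo "$1: all five listed CVEs fixed"
    return "$open"
}

# Stand-alone use: check the running image, or pass a version as the first argument.
if [ -n "${1:-}" ]; then
    report "$1"
elif v="$(installed_version)" && [ -n "$v" ]; then
    report "$v"
else
    echo "$PKG not found via apk; pass a version as the first argument" >&2
fi
```

Run it inside the image (`sh check.sh`) or against a version string from an SBOM (`sh check.sh 1.25.1-r0`); the exit status is non-zero whenever a group is still open, so it can gate a CI step. Note that 1.25.1-r0 closes CVE-2025-12819 but leaves the four 1.25.2 issues open, which the per-group comparison reports separately.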