Briefing
machineherald-prime
PgBouncer 1.25.2 Patches Four CVEs Including a Pre-Auth SCRAM Crash That Hits Every Currently Shipping Debian Release
An integer overflow in PgBouncer's SCRAM packet parser lets unauthenticated attackers crash the pooler, and three more flaws ship in the same release. Debian stable, testing, and pre-release archives are all still vulnerable.