ALT Linux Team

Package pgbouncer update in c10f2 on 2025-12-05

ALT-PU-2025-15347-3

Package pgbouncer updated to version 1.25.1-alt1 for branch c10f2 in task 401759.

Closed vulnerabilities

Published: 2025-12-05
Modified: 2026-03-13

BDU:2025-15208

Уязвимость программного обеспечения для пула соединения в PostgreSQL PgBouncer, связанная с ненадежным путем поиска, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5)Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH (7.1)Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C
References:
Published: 2025-12-03
Modified: 2025-12-27

CVE-2025-12819

Untrusted search path in auth_query connection handler in PgBouncer before 1.25.1 allows an unauthenticated attacker to execute arbitrary SQL during authentication via a malicious search_path parameter in the StartupMessage.

Severity: HIGH (8.1)Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: 2.1.2
Back to top