MongoDB C Driver bson_strfreev may be susceptible to integer overflow

XMLWordPrintableJSON

    • Type: Bug
    • Resolution: Duplicate
    • Priority: Major - P3
    • 1.26.2
    • Affects Version/s: None
    • Component/s: libbson
    • None
    • None
    • C Drivers
    • Hide

      1. What would you like to communicate to the user about this feature?
      2. Would you like the user to see examples of the syntax and/or executable code and its output?
      3. Which versions of the driver/connector does this apply to?

      Show
      1. What would you like to communicate to the user about this feature? 2. Would you like the user to see examples of the syntax and/or executable code and its output? 3. Which versions of the driver/connector does this apply to?
    • None
    • None
    • None
    • None
    • None
    • None

      CVE ID:
      CVE-2024-6381

      Title:
      MongoDB C Driver bson_strfreev may be susceptible to integer overflow

      Description:
      The bson_strfreev function in the MongoDB C driver library may be susceptible to an integer overflow where the function will try to free memory at a negative offset. This may result in memory corruption. This issue affected libbson versions prior to 1.26.2

      CVSS Score:
      4.0 - https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

      List all affected product versions:
      libbson versions prior to 1.26.2

      CWE:
      CWE-680: Integer Overflow to Buffer Overflow

            Assignee:
            Ezra Chung
            Reporter:
            Karman Liu
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: