MongoDB C Driver bson_strfreev may be susceptible to integer overflow


    • Type: Bug
    • Resolution: Duplicate
    • Priority: Major - P3
    • Fix Version/s: 1.26.2
    • Affects Version/s: None
    • Component/s: libbson
    • C Drivers

      CVE ID:
      CVE-2024-6381

      Title:
      MongoDB C Driver bson_strfreev may be susceptible to integer overflow

      Description:
      The bson_strfreev function in the MongoDB C driver library may be susceptible to an integer overflow, after which the function attempts to free memory at a negative offset. This may result in memory corruption. This issue affects libbson versions prior to 1.26.2.

      CVSS Score:
      4.0 - https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

      List all affected product versions:
      libbson versions prior to 1.26.2

      CWE:
      CWE-680: Integer Overflow to Buffer Overflow

              Assignee:
              Ezra Chung
              Reporter:
              Karman Liu (Inactive)