C Driver / CDRIVER-5628

MongoDB C Driver bson_string_append may be vulnerable to a buffer overflow

    • Type: Bug
    • Resolution: Duplicate
    • Priority: Major - P3
    • Affects Version/s: None
    • Component/s: None
    • C Drivers

      1. What would you like to communicate to the user about this feature?
      2. Would you like the user to see examples of the syntax and/or executable code and its output?
      3. Which versions of the driver/connector does this apply to?


      CVE ID:
      CVE-2024-6383

      Title:

      MongoDB C Driver bson_string_append may be vulnerable to a buffer overflow

      Description:

      The bson_string_append function in MongoDB C Driver may be vulnerable to a buffer overflow: the function might attempt to allocate too small a buffer, which may lead to memory corruption of neighbouring heap memory. This issue affects libbson versions prior to 1.27.1.

      CVSS Score:

      5.3 - https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

      CWE:

      CWE-122: Heap-based Buffer Overflow

      Affected Product Versions:
      libbson versions prior to 1.27.1

            Assignee:
            Roberto Sanchez (roberto.sanchez@mongodb.com)
            Reporter:
            Karman Liu (karman.liu@mongodb.com)
            Votes:
            0
            Watchers:
            1

              Created:
              Updated:
              Resolved: