Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 2.4.2, 1.17.7
Affects Version/s: None
Component/s: None
Labels:
None

Confidence Status:
None

Assigned Teams:

Go Drivers

Documentation Changes:
Not Needed

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Link:
None
Goal Name(s):
None

The gssapi_error_desc and gssapi_client_username functions read one byte past the end of GSS library buffers by copying length+1 bytes from buffers that only contain length bytes. This could cause a crash (e.g. DoS) if the GSS library returns buffers allocated at page boundaries, as the driver reads one byte past the buffer end.

Repro:

CGO_CFLAGS="-fsanitize=address" CGO_LDFLAGS="-fsanitize=address" MONGODB_URI="mongodb://fakeuser@localhost:27017/admin?authMechanism=GSSAPI" go run -tags gssapi ./internal/cmd/testentauth/main.go

is related to

GODRIVER-3772 Add AddressSanitizer support for GSSAPI enterprise auth tests

Backlog

Assignee:: Preston Vasquez
Reporter:: Preston Vasquez
Votes:: 0 Vote for this issue
Watchers:: 2 Start watching this issue

Created:: Jan 20 2026 03:55:10 PM UTC
Updated:: Feb 10 2026 07:01:27 PM UTC
Resolved:: Jan 21 2026 05:21:19 PM UTC

Details

Description

Attachments

Issue Links

Activity

People

Dates