Uploaded image for project: 'Python Driver'
  1. Python Driver
  2. PYTHON-2188

OWASP security vulnerabilities in bson/buffer.c

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major - P3
    • Resolution: Fixed
    • None
    • 3.11
    • BSON
    • None
    • cpython-35m-x86_64-linux-gnu.so

    Description

      When my IT org is running a security scan on the pymongo python module, it is picking up the BSON module file as having vulnerability. See details below:

      1. https://github.com/mongodb/mongo-python-driver/blob/d42c5105cd3fb321a1e059c4fec23314d17bcf93/bson/buffer.c#L116

      CWE Description: There is a potential buffer overflow with these functions. If an attacker can control the data written into the buffer, the overflow may result in execution of arbitrary code.

      Function Name: int buffer_write(buffer_t, const char *, int)

      Info: This call to memcpy() contains a potential buffer overflow. The specified size of 18446744073709551615 bytes is larger than the space allocated to the destination buffer ((tainted) bytes). If an attacker can control the data written into the buffer, the overflow may result in execution of arbitrary code. Ensure that the specified size is within the bounds of the allocated space. References: CWE (https://cwe.mitre.org/data/definitions/121.html) OWASP (https://www.owasp.org/index.php/Buffer_Overflow) WASC (https://webappsec.pbworks.com/Buffer-Overflow)

       

      2. https://github.com/mongodb/mongo-python-driver/blob/d42c5105cd3fb321a1e059c4fec23314d17bcf93/bson/buffer.c#L131

      Function Name: int buffer_write_at_position(buffer_t, int, const char *, int)

      This call to memcpy() contains a buffer overflow. The dest buffer variable has a size of (unavailable) bytes, but the length specified is 18446744073709551615 bytes. If an attacker can control the data written into the buffer, the overflow may result in execution of arbitrary code. Ensure that the size of the dest buffer corresponds to the length specified in the function call. References: CWE (https://cwe.mitre.org/data/definitions/121.html) OWASP (https://www.owasp.org/index.php/Buffer_Overflow) WASC (https://webappsec.pbworks.com/Buffer-Overflow)

      Please advise if this can be resolved.

      Attachments

        Issue Links

          Activity

            People

              shane.harvey@mongodb.com Shane Harvey
              mumtaz.khan@gmail.com Mumtaz K
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: