Uploaded image for project: 'Python Driver'
  1. Python Driver
  2. PYTHON-4305

Out-of-bounds read when decoding invalid bson

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Unknown Unknown
    • 4.7, 4.6.3
    • Affects Version/s: None
    • Component/s: None
    • None
    • Python Drivers
    • Not Needed
    • Hide

      1. What would you like to communicate to the user about this feature?
      2. Would you like the user to see examples of the syntax and/or executable code and its output?
      3. Which versions of the driver/connector does this apply to?

      Show
      1. What would you like to communicate to the user about this feature? 2. Would you like the user to see examples of the syntax and/or executable code and its output? 3. Which versions of the driver/connector does this apply to?

      CVE ID:

      CVE-2024-5629

      Title:
      Out-of-bounds read in bson module of PyMongo

      Description:
      An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application memory.

      CVSS Score: 4.7

      https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:L

      List all affected product versions:
      MongoDB PyMongo versions prior to and including 4.6.2

      CWE:
      CWE-125: Out-of-bounds Read

      Is a fixed version available:
      4.6.3

      How was the issue found, Internally/Externally:
      Externally

            Assignee:
            shane.harvey@mongodb.com Shane Harvey
            Reporter:
            steve.silvester@mongodb.com Steve Silvester
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: