[MONGOCRYPT-592] Potential buffer overflow in libmongocrypt found by Veracode Created: 07/Sep/23 Updated: 27/Oct/23 Resolved: 26/Sep/23 |
|
| Status: | Closed |
| Project: | Libmongocrypt |
| Component/s: | None |
| Affects Version/s: | 1.8.0 |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Unknown |
| Reporter: | Juan Emilio Inzaurraga | Assignee: | Kevin Albertson |
| Resolution: | Gone away | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Attachments: |
|
| Comments |
| Comment by PM Bot [ 26/Sep/23 ] | |||||||||||
|
There hasn't been any recent activity on this ticket, so we're resolving it. Thanks for reaching out! Please feel free to reopen this ticket if you're still experiencing the issue, and add a comment if you're able to provide more information. | |||||||||||
| Comment by PM Bot [ 18/Sep/23 ] | |||||||||||
|
Hi jinzaurraga@coalfire.com! If this is still an issue for you, please open Jira to review the latest status and provide your feedback. Thanks! | |||||||||||
| Comment by Kevin Albertson [ 08/Sep/23 ] | |||||||||||
|
Hello jinzaurraga@coalfire.com, thank you for the report. mc-writer.c line 110 is (and has always been) an empty line: https://github.com/mongodb/libmongocrypt/blob/9b07846bef9c5bf23b1978a7765337afe9ba90fe/src/mc-writer.c#L110 Does Veracode provide more information to identify the line of code referenced (e.g. a code snippet)? The function containing line mc-writer.c line 110 contains a memcpy. There are checks to guarantee the destination has sufficient space:
If Veracode is referencing the memcpy, my guess is the cast to (size_t) may result in a false positive warning. | |||||||||||
| Comment by James Kovacs [ 07/Sep/23 ] | |||||||||||
|
Thank you for reaching out to us regarding this vulnerability. The problem identified is in the unmanaged libmongocrypt.so, which the .NET/C# Driver uses for field level encryption (FLE) and queryable encryption (QE). I have moved this ticket to Sincerely, | |||||||||||
| Comment by Juan Emilio Inzaurraga [ 07/Sep/23 ] | |||||||||||
|
Hello team!
Our veracode scan found a very high vuln on the latest version of the driver. Here are the details:
Wanted to check if you are awere of this issue and if you have any remediation plan.
Thank you Juan
| |||||||||||
| Comment by PM Bot [ 07/Sep/23 ] | |||||||||||
|
Hi jinzaurraga@coalfire.com, thank you for reporting this issue! The team will look into it and get back to you soon. |