<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[MONGOCRYPT-592] Potential buffer overflow in libmongocrypt found by Veracode</title>
                <link>https://jira.mongodb.org/browse/MONGOCRYPT-592</link>
                <project id="17481" key="MONGOCRYPT">Libmongocrypt</project>
                    <description></description>
                <environment></environment>
        <key id="2436787">MONGOCRYPT-592</key>
            <summary>Potential buffer overflow in libmongocrypt found by Veracode</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="10300" iconUrl="https://jira.mongodb.org/images/icons/priorities/medium.svg">Unknown</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13203">Gone away</resolution>
                                        <assignee username="kevin.albertson@mongodb.com">Kevin Albertson</assignee>
                                    <reporter username="jinzaurraga@coalfire.com">Juan Emilio Inzaurraga</reporter>
                        <labels>
                    </labels>
                <created>Thu, 7 Sep 2023 17:57:18 +0000</created>
                <updated>Fri, 27 Oct 2023 19:41:38 +0000</updated>
                            <resolved>Tue, 26 Sep 2023 12:00:55 +0000</resolved>
                                    <version>1.8.0</version>
                                                                        <votes>0</votes>
                                    <watches>4</watches>
                                                                                                                <comments>
                            <comment id="5730886" author="dbeng-pm-bot" created="Tue, 26 Sep 2023 12:00:57 +0000"  >&lt;p&gt;There hasn&apos;t been any recent activity on this ticket, so we&apos;re resolving it. Thanks for reaching out! Please feel free to reopen this ticket if you&apos;re still experiencing the issue, and add a comment if you&apos;re able to provide more information.&lt;/p&gt;</comment>
                            <comment id="5711009" author="dbeng-pm-bot" created="Mon, 18 Sep 2023 13:10:24 +0000"  >&lt;p&gt;Hi &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=jinzaurraga%40coalfire.com&quot; class=&quot;user-hover&quot; rel=&quot;jinzaurraga@coalfire.com&quot;&gt;jinzaurraga@coalfire.com&lt;/a&gt;! &lt;a href=&quot;https://jira.mongodb.org/browse/MONGOCRYPT-592&quot; title=&quot;Potential buffer overflow in libmongocrypt found by Veracode&quot; class=&quot;issue-link&quot; data-issue-key=&quot;MONGOCRYPT-592&quot;&gt;&lt;del&gt;MONGOCRYPT-592&lt;/del&gt;&lt;/a&gt; is awaiting your response. &lt;/p&gt;

&lt;p&gt;If this is still an issue for you, please open Jira to review the latest status and provide your feedback. Thanks!&lt;/p&gt;</comment>
                            <comment id="5689640" author="kevin.albertson" created="Fri, 8 Sep 2023 13:46:07 +0000"  >&lt;p&gt;Hello &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=jinzaurraga%40coalfire.com&quot; class=&quot;user-hover&quot; rel=&quot;jinzaurraga@coalfire.com&quot;&gt;jinzaurraga@coalfire.com&lt;/a&gt;, thank you for the report.&lt;/p&gt;

&lt;p&gt;mc-writer.c line 110 is (and has always been) an empty line: &lt;a href=&quot;https://github.com/mongodb/libmongocrypt/blob/9b07846bef9c5bf23b1978a7765337afe9ba90fe/src/mc-writer.c#L110&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/libmongocrypt/blob/9b07846bef9c5bf23b1978a7765337afe9ba90fe/src/mc-writer.c#L110&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Does Veracode provide more information to identify the line of code referenced (e.g. a code snippet)?&lt;/p&gt;

&lt;p&gt;The function containing mc-writer.c line 110 &lt;a href=&quot;https://github.com/mongodb/libmongocrypt/blob/9b07846bef9c5bf23b1978a7765337afe9ba90fe/src/mc-writer.c#L109-L119&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;contains a &lt;tt&gt;memcpy&lt;/tt&gt;&lt;/a&gt;. There are checks to guarantee the destination has sufficient space:&lt;/p&gt;
&lt;p/&gt;
&lt;div id=&quot;syntaxplugin&quot; class=&quot;syntaxplugin&quot; style=&quot;border: 1px dashed #bbb; border-radius: 5px !important; overflow: auto; max-height: 30em;&quot;&gt;
&lt;table cellspacing=&quot;0&quot; cellpadding=&quot;0&quot; border=&quot;0&quot; width=&quot;100%&quot; style=&quot;font-size: 1em; line-height: 1.4em !important; font-weight: normal; font-style: normal; color: black;&quot;&gt;
		&lt;tbody &gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;  margin-top: 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;CHECK_REMAINING_BUFFER_AND_RET(length);&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&amp;nbsp;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;if (length &amp;gt; SIZE_MAX) {&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;    CLIENT_ERR(&quot;%s failed to copy &quot;&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;                &quot;data of length %&quot; PRIu64,&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;                writer-&amp;gt;parser_name,&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;                length);&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;    return false;&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;}&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&amp;nbsp;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   margin-bottom: 10px;  width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;memcpy(writer-&amp;gt;ptr + writer-&amp;gt;pos, buf-&amp;gt;data, (size_t)length);&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
			&lt;/tbody&gt;
&lt;/table&gt;
&lt;/div&gt;
&lt;p/&gt;
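&lt;p&gt;If Veracode is referencing the &lt;tt&gt;memcpy&lt;/tt&gt;, my guess is that the cast to &lt;tt&gt;(size_t)&lt;/tt&gt; may result in a false-positive warning: the &lt;tt&gt;length &amp;gt; SIZE_MAX&lt;/tt&gt; check shown above returns before the &lt;tt&gt;memcpy&lt;/tt&gt; for any value the cast would truncate.&lt;/p&gt;</comment>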
                            <comment id="5688175" author="james.kovacs" created="Thu, 7 Sep 2023 20:59:21 +0000"  >&lt;p&gt;Hi, &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=jinzaurraga%40coalfire.com&quot; class=&quot;user-hover&quot; rel=&quot;jinzaurraga@coalfire.com&quot;&gt;jinzaurraga@coalfire.com&lt;/a&gt;,&lt;/p&gt;

&lt;p&gt;Thank you for reaching out to us regarding this vulnerability. The problem identified is in the unmanaged &lt;tt&gt;libmongocrypt.so&lt;/tt&gt;, which the .NET/C# Driver uses for field level encryption (FLE) and queryable encryption (QE). I have moved this ticket to &lt;a href=&quot;https://jira.mongodb.org/browse/MONGOCRYPT-593&quot; title=&quot;Unskip `test-java` tasks needing JDK install&quot; class=&quot;issue-link&quot; data-issue-key=&quot;MONGOCRYPT-593&quot;&gt;&lt;del&gt;MONGOCRYPT-593&lt;/del&gt;&lt;/a&gt; so that the appropriate engineers can investigate. Please continue following this ticket for updates.&lt;/p&gt;

&lt;p&gt;Sincerely,&lt;br/&gt;
James&lt;/p&gt;</comment>
                            <comment id="5687444" author="jinzaurraga@coalfire.com" created="Thu, 7 Sep 2023 17:59:21 +0000"  >&lt;p&gt;Hello team!&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;

&lt;p&gt;Our Veracode scan found a very high vuln on the latest version of the driver. Here are the details:&lt;br/&gt;
&lt;span class=&quot;image-wrap&quot; style=&quot;&quot;&gt;&lt;img src=&quot;https://jira.mongodb.org/secure/attachment/474225/474225_image-2023-09-07-14-58-47-909.png&quot; style=&quot;border: 0px solid black&quot; /&gt;&lt;/span&gt;&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;

&lt;p&gt;Wanted to check if you are aware of this issue and if you have any remediation plan.&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;

&lt;p&gt;Thank you&#160;&lt;/p&gt;

&lt;p&gt;Juan&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;</comment>
                            <comment id="5687438" author="dbeng-pm-bot" created="Thu, 7 Sep 2023 17:57:21 +0000"  >&lt;p&gt;Hi &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=jinzaurraga%40coalfire.com&quot; class=&quot;user-hover&quot; rel=&quot;jinzaurraga@coalfire.com&quot;&gt;jinzaurraga@coalfire.com&lt;/a&gt;, thank you for reporting this issue! The team will look into it and get back to you soon. &lt;/p&gt;</comment>
                    </comments>
                    <attachments>
                            <attachment id="474225" name="image-2023-09-07-14-58-47-909.png" size="447484" author="jinzaurraga@coalfire.com" created="Thu, 7 Sep 2023 17:58:10 +0000"/>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                            <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|i27lf4:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                </customfields>
    </item>
</channel>
</rss>