Heap-Based Buffer Over-Read Vulnerability in MongoDB Driver
CVE-2018-16790
8.1 HIGH
What is CVE-2018-16790?
A vulnerability exists in the _bson_iter_next_internal function within bson-iter.c of libbson version 1.12.0. This flaw allows for a heap-based buffer over-read, which may be exploited through a crafted BSON buffer. As a result, this can lead to unintended memory access and potential exposure of sensitive information. Affected users are encouraged to review security advisories and apply updates from MongoDB's official sources.
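The class of check that keeps a BSON walker from reading past its buffer, as an added example: this is not libbson's code and not the upstream fix, and it does not reproduce the specific input behind this CVE, which the advisory does not describe. The function name `bson_bounds_check`, the sample documents, and the limited set of element types handled are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed samples: {"s": "hi"}, then the same bytes with the string length set to 0x40. */
static const uint8_t ok_doc[]  = {0x0f,0,0,0, 0x02,'s',0, 0x03,0,0,0, 'h','i',0, 0};
static const uint8_t bad_doc[] = {0x0f,0,0,0, 0x02,'s',0, 0x40,0,0,0, 'h','i',0, 0};

static uint32_t rd_u32(const uint8_t *p) {   /* little-endian; caller checked 4 bytes */
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns 0 if every declared length stays inside buf[0..len), -1 if a field
   would run past the buffer, -2 for element types this sketch does not cover. */
int bson_bounds_check(const uint8_t *buf, size_t len) {
    if (len < 5) return -1;                        /* int32 length + terminator */
    uint32_t doc_len = rd_u32(buf);
    if (doc_len < 5 || doc_len > len) return -1;   /* header must not exceed buffer */
    if (buf[doc_len - 1] != 0x00) return -1;       /* document terminator */
    size_t off = 4, end = doc_len - 1;             /* end = offset of terminator */
    while (off < end) {
        uint8_t type = buf[off++];
        const uint8_t *nul = memchr(buf + off, 0x00, end - off);
        if (!nul) return -1;                       /* key not terminated in range */
        off = (size_t)(nul - buf) + 1;
        size_t need;
        switch (type) {
        case 0x01: case 0x12: need = 8; break;     /* double, int64 */
        case 0x10: need = 4; break;                /* int32 */
        case 0x08: need = 1; break;                /* bool */
        case 0x0A: need = 0; break;                /* null */
        case 0x02: {                               /* string: int32 length + bytes */
            if (end - off < 4) return -1;
            uint32_t slen = rd_u32(buf + off);
            off += 4;
            if (slen < 1 || slen > end - off) return -1;   /* declared length vs. bytes left */
            if (buf[off + slen - 1] != 0x00) return -1;
            need = slen; break;
        }
        default: return -2;
        }
        if (need > end - off) return -1;
        off += need;
    }
    return off == end ? 0 : -1;
}

int main(void) { printf("%d %d\n", bson_bounds_check(ok_doc, sizeof ok_doc), bson_bounds_check(bad_doc, sizeof bad_doc)); return 0; }
```

Every length taken from the input is compared against the bytes remaining before any read that depends on it.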