CVE-2018-16790

8.1HIGH

Key Information:

Vendor: Mongodb
Status: Libbson
Vendor: CVE Published:; 10 September 2018

Summary

_bson_iter_next_internal in bson-iter.c in libbson 1.12.0, as used in MongoDB mongo-c-driver and other products, has a heap-based buffer over-read via a crafted bson buffer.

References

https://github.com/mongodb/mongo-c-driver/commit/0d9a4d98...

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=1627923#c3

x_refsource_CONFIRM

https://jira.mongodb.org/browse/CDRIVER-2819

x_refsource_MISC

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 10, 2018
Vulnerability Reserved
Sep 10, 2018