Buffer Overflow Vulnerability in MongoDB C Driver Could Lead to Memory Corruption
CVE-2024-6383

5.3MEDIUM

Key Information:

Vendor: MongoDB
Status: Libbson
Vendor: CVE Published:; 3 July 2024

What is CVE-2024-6383?

The bson_string_append function in MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small of buffer and may lead to memory corruption of neighbouring heap memory. This issue affects libbson versions prior to 1.27.1

Affected Version(s)

libbson 0 < 1.27.1

References

https://jira.mongodb.org/browse/CDRIVER-5628

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 3, 2024

Credit

selmelc