Buffer Overflow Vulnerability in MongoDB C Driver Could Lead to Memory Corruption

CVE-2024-6383

5.3MEDIUM

Key Information

Vendor: Mongodb Inc
Status: Libbson
Vendor: CVE Published:; 3 July 2024

Summary

The bson_string_append function in MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small of buffer and may lead to memory corruption of neighbouring heap memory. This issue affects libbson versions prior to 1.27.1

Affected Version(s)

libbson < 1.27.1

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: null to: 5.3 - (MEDIUM)
Jul 4, 2024
Vulnerability published.
Jul 3, 2024

Collectors

NVD DatabaseMitre Database

Credit

selmelc