CVE-2024-6383
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
The bson_string_append function in MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small of buffer and may lead to memory corruption of neighbouring heap memory. This issue affects libbson versions prior to 1.27.1
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| MongoDB Inc | libbson | 0 < 1.27.1 | affected |
Weaknesses
- CWE-122: CWE-122: Heap-based Buffer Overflow
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
CVE Program Container
Additional References
- https://jira.mongodb.org/browse/CDRIVER-5628
- https://security.netapp.com/advisory/ntap-20241004-0001/
- https://lists.debian.org/debian-lts-announce/2025/05/msg00027.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00012.html
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.