← voltar
CVE-2024-6383

MongoDB C Driver bson_string_append may be vulnerable to a buffer overflow

CVSS 5.3 MEDIUMEPSS 0.6%CWE-122
The bson_string_append function in MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small of buffer and may lead to memory corruption of neighbouring heap memory. This issue affects libbson versions prior to 1.27.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Produtos afetados
MongoDB Inc · libbson

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://jira.mongodb.org/browse/CDRIVER-5628https://lists.debian.org/debian-lts-announce/2025/05/msg00012.htmlhttps://lists.debian.org/debian-lts-announce/2025/05/msg00027.htmlhttps://security.netapp.com/advisory/ntap-20241004-0001/