CPANSA-BSON-XS-2024-6383-libbson: BSON-XS vulnerability
| Publisher | giterlizzi | Document category | csaf_security_advisory |
|---|---|---|---|
| Initial release date | 2024-07-03T00:00:00 | Engine | CSAF Perl Toolkit 0.25 |
| Current release date | 2024-07-03T00:00:00 | Build Date | |
| Current version | 1 | Status | final |
| CVSS v3.1 Base Score | 5.3 | Severity | Moderate |
| Original language | Language | en | |
| Also referred to | |||
Vulnerability Description
The bson_string_append function in MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small of buffer and may lead to memory corruption of neighbouring heap memory. This issue affects libbson versions prior to 1.27.1
Vulnerabilities
CVE-2024-6383
Vulnerability DescriptionThe bson_string_append function in MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small of buffer and may lead to memory corruption of neighbouring heap memory. This issue affects libbson versions prior to 1.27.1
| Weakness | CWE-122 : Heap-based Buffer Overflow |
|---|
Product status
Known affected
| Product | Score | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| BSON-XS greater than or equal 0.2.0 and less than or equal 0.8.4 |
|
giterlizzi
Namespace: https://github.com/giterlizzi/
gdt@cpan.org
References
- CPANSA-BSON-XS-2024-6383-libbson JSON self
https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2024/cpansa-bson-xs-2024-6383-libbson.json - https://nvd.nist.gov/vuln/detail/CVE-2024-6383 external
https://nvd.nist.gov/vuln/detail/CVE-2024-6383 - https://jira.mongodb.org/browse/CDRIVER-5628 external
https://jira.mongodb.org/browse/CDRIVER-5628 - CVE-2024-6383 (NVD) external
https://nvd.nist.gov/vuln/detail/CVE-2024-6383
Revision history
| Version | Date of the revision | Summary of the revision |
|---|---|---|
| 1 | Wed Jul 3 00:00:00 2024 | First release |
Sharing rules
TLP:WHITE
For the TLP version see: https://www.first.org/tlp/