Deprecated subtype 0x02 includes a redundant length inside the binary payload. libbson doesn't validate this length and just skips over it.
_bson_iter_next_internal does validate that subtype 0x02 has at least 4 bytes for the inner length. It should validate that the inner length is consistent with the binary envelope as well.
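The consistency check described above, as an added example that is not libbson's code or the eventual fix: per the BSON specification, a subtype 0x02 payload is an int32 inner length followed by that many bytes, so the inner length must equal the envelope length minus 4. The function name binary_data_len and the sample byte arrays are assumptions made up for this illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* BSON stores int32 values little-endian. */
static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Hypothetical helper (not a libbson function). A binary value is laid out as
 * int32 outer length, subtype byte, then `outer` payload bytes. `avail` is the
 * number of bytes remaining in the document at `val`.
 * Returns the usable data length, or -1 if the value is malformed. */
int64_t binary_data_len(const uint8_t *val, size_t avail) {
    if (avail < 5) return -1;                /* no room for length + subtype */
    uint32_t outer = read_le32(val);
    if (outer > avail - 5) return -1;        /* envelope overruns the buffer */
    if (val[4] != 0x02) return (int64_t)outer;
    if (outer < 4) return -1;                /* no room for the inner length */
    uint32_t inner = read_le32(val + 5);
    if (inner != outer - 4) return -1;       /* inner length contradicts envelope */
    return (int64_t)inner;
}

/* Constructed sample values, not taken from the ticket. */
const uint8_t ok_old[]    = {7,0,0,0, 0x02, 3,0,0,0,    0xAA,0xBB,0xCC};
const uint8_t bad_inner[] = {7,0,0,0, 0x02, 0xFF,0,0,0, 0xAA,0xBB,0xCC};
const uint8_t too_short[] = {2,0,0,0, 0x02, 0xAA,0xBB};
const uint8_t generic[]   = {3,0,0,0, 0x00, 0xAA,0xBB,0xCC};

int main(void) {
    printf("consistent 0x02:    %lld\n",
           (long long)binary_data_len(ok_old, sizeof ok_old));
    printf("inner length 255:   %lld\n",
           (long long)binary_data_len(bad_inner, sizeof bad_inner));
    printf("envelope < 4 bytes: %lld\n",
           (long long)binary_data_len(too_short, sizeof too_short));
    printf("subtype 0x00:       %lld\n",
           (long long)binary_data_len(generic, sizeof generic));
    return 0;
}
```

The bad_inner case is the one the ticket is about: the envelope is well-formed and at least 4 bytes long, so a parser that only checks for room for the inner length accepts it.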
- related to CDRIVER-1977 Invalid lengths for old binary format (type 0x02) are ignored (Closed)