C Driver / CDRIVER-5622

MongoDB C Driver bson_strfreev may be susceptible to integer overflow

    • Type: Bug
    • Resolution: Duplicate
    • Priority: Major - P3
    • Fix Version/s: 1.26.2
    • Affects Version/s: None
    • Component/s: libbson
    • None
    • C Drivers

      1. What would you like to communicate to the user about this feature?
      2. Would you like the user to see examples of the syntax and/or executable code and its output?
      3. Which versions of the driver/connector does this apply to?


      CVE ID:
      CVE-2024-6381

      Title:
      MongoDB C Driver bson_strfreev may be susceptible to integer overflow

      Description:
      The bson_strfreev function in the MongoDB C driver library may be susceptible to an integer overflow where the function will try to free memory at a negative offset. This may result in memory corruption. This issue affected libbson versions prior to 1.26.2.

      CVSS Score:
      4.0 - https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

      List all affected product versions:
      libbson versions prior to 1.26.2

      CWE:
      CWE-680: Integer Overflow to Buffer Overflow

            Assignee:
            ezra.chung@mongodb.com Ezra Chung
            Reporter:
            karman.liu@mongodb.com Karman Liu