- Type: Bug
- Resolution: Done
- Priority: Major - P3
- Affects Version/s: None
- Component/s: None
- None
- Fully Compatible
Hello,
The format string argument to sprintf() at time64.c line 793 does not properly limit the amount of data the function can write, which allows the program to write outside the bounds of allocated memory. This behavior could corrupt data, crash the program, or lead to the execution of malicious code:
\bson\time64.c (release 2.0.1)
...
793 sprintf(result, TM64_ASCTIME_FORMAT,
794 wday_name[date->tm_wday],
795 mon_name[date->tm_mon],
...
Kind Regards,
Martin
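
A bounded form of the call reported above, as an added example that is not code from this report or from the library. The format string, `struct example_tm`, and `example_asctime_bounded` are assumptions made for illustration, since the report does not show `TM64_ASCTIME_FORMAT` or the surrounding function.

```c
#include <stdio.h>
#include <string.h>

/* Assumed asctime-style format; the report does not show TM64_ASCTIME_FORMAT. */
#define EXAMPLE_FORMAT "%.3s %.3s%3d %.2d:%.2d:%.2d %lld\n"

/* Hypothetical stand-in for the library's 64-bit tm structure. */
struct example_tm {
    int tm_sec, tm_min, tm_hour, tm_mday, tm_mon, tm_wday;
    long long tm_year;              /* years since 1900, 64-bit */
};

static const char wday_name[7][4] = {"Sun","Mon","Tue","Wed","Thu","Fri","Sat"};
static const char mon_name[12][4] = {"Jan","Feb","Mar","Apr","May","Jun",
                                     "Jul","Aug","Sep","Oct","Nov","Dec"};

/* Bounded formatter: returns result, or NULL if an index is out of range
   or the text (plus NUL) does not fit in size bytes. */
char *example_asctime_bounded(const struct example_tm *d, char *result, size_t size)
{
    int n;

    if (d == NULL || result == NULL || size == 0)
        return NULL;
    if (d->tm_wday < 0 || d->tm_wday > 6 || d->tm_mon < 0 || d->tm_mon > 11)
        return NULL;                /* would index past the name arrays */

    n = snprintf(result, size, EXAMPLE_FORMAT,
                 wday_name[d->tm_wday], mon_name[d->tm_mon],
                 d->tm_mday, d->tm_hour, d->tm_min, d->tm_sec,
                 1900LL + d->tm_year);
    if (n < 0 || (size_t)n >= size) {
        result[0] = '\0';           /* never hand back a truncated date */
        return NULL;
    }
    return result;
}

int main(void)
{
    char buf[26];                   /* classic asctime() buffer size */
    struct example_tm epoch = {0, 0, 0, 1, 0, 4, 70};            /* constructed */
    struct example_tm far   = {0, 0, 0, 1, 0, 4, 9999998100LL};  /* constructed */

    if (example_asctime_bounded(&epoch, buf, sizeof buf))
        printf("%zu bytes: %s", strlen(buf) + 1, buf);
    printf("far-future year fits in 26 bytes: %s\n",
           example_asctime_bounded(&far, buf, sizeof buf) ? "yes" : "no");
    return 0;
}
```

With a 64-bit year the formatted text can be longer than a conventional 26-byte `asctime()` buffer, so the caller has to pass the buffer size and handle a `NULL` return.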