CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6383 – MongoDB C Driver bson_string_append may be vulnerable to a buffer overflow
https://notcve.org/view.php?id=CVE-2024-6383
The bson_string_append function in MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small of buffer and may lead to memory corruption of neighbouring heap memory. This issue affects libbson versions prior to 1.27.1 • https://jira.mongodb.org/browse/CDRIVER-5628 • CWE-122: Heap-based Buffer Overflow •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6381 – MongoDB C Driver bson_strfreev may be susceptible to integer overflow
https://notcve.org/view.php?id=CVE-2024-6381
The bson_strfreev function in the MongoDB C driver library may be susceptible to an integer overflow where the function will try to free memory at a negative offset. This may result in memory corruption. This issue affected libbson versions prior to 1.26.2 La función bson_strfreev en la librería del controlador MongoDB C puede ser susceptible a un desbordamiento de enteros donde la función intentará liberar memoria con un desplazamiento negativo. Esto puede provocar daños en la memoria. Este problema afectó a las versiones de Libbson anteriores a la 1.26.2. • https://jira.mongodb.org/browse/CDRIVER-5622 • CWE-680: Integer Overflow to Buffer Overflow •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16790
https://notcve.org/view.php?id=CVE-2018-16790
_bson_iter_next_internal in bson-iter.c in libbson 1.12.0, as used in MongoDB mongo-c-driver and other products, has a heap-based buffer over-read via a crafted bson buffer. _bson_iter_next_internal en bson-iter.c en libbson 1.12.0, tal y como se emplea en mongo-c-driver, de MongoDB, y otros productos, tiene una sobrelectura de búfer basada en memoria dinámica (heap) mediante un búfer bson manipulado. • https://bugzilla.redhat.com/show_bug.cgi?id=1627923#c3 https://github.com/mongodb/mongo-c-driver/commit/0d9a4d98bfdf4acd2c0138d4aaeb4e2e0934bd84 https://jira.mongodb.org/browse/CDRIVER-2819 • CWE-125: Out-of-bounds Read •