CVE-2024-6381
MongoDB C Driver bson_strfreev may be susceptible to integer overflow
Public Exploits: 0
Exploited in Wild: -
Descriptions
The bson_strfreev function in the MongoDB C driver library may be susceptible to an integer overflow where the function will try to free memory at a negative offset. This may result in memory corruption. This issue affected libbson versions prior to 1.26.2.
Karman Liu discovered that mongo-c-driver did not correctly handle certain memory operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 24.04 LTS.
SSVC
- Decision: Track
Timeline
- 2024-06-27 CVE Reserved
- 2024-07-02 CVE Published
- 2024-08-01 CVE Updated
- 2025-07-06 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-680: Integer Overflow to Buffer Overflow
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
MongoDB Inc | Libbson | < 1.26.2 | en | Affected