mongodb c-driver CVE-2020-12135 in MongoDB and Whoopsieproject Products
Published on April 24, 2020

bson before 0.8 incorrectly uses int rather than size_t for many variables, parameters, and return values. In particular, the bson_ensure_space() parameter bytesNeeded could have an integer overflow via properly constructed bson input.


Products Associated with CVE-2020-12135

The products associated with this CVE are MongoDB C Driver and Whoopsieproject Whoopsie.

Exploit Probability

EPSS: 0.35%
Percentile: 56.99%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.