MongoDB C Driver libbson buffer overflow vuln (pre1.27.1)
CVE-2024-6383 Published on July 3, 2024
MongoDB C Driver bson_string_append may be vulnerable to a buffer overflow
The bson_string_append function in MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small of buffer and may lead to memory corruption of neighbouring heap memory. This issue affects libbson versions prior to 1.27.1
Vulnerability Analysis
CVE-2024-6383 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.
Weakness Type
Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Products Associated with CVE-2024-6383
stack.watch emails you whenever new vulnerabilities are published in Canonical Ubuntu Linux or MongoDB Libbson. Just hit a watch button to start following.
Affected Versions
MongoDB Inc libbson:- Before 1.27.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.