65 matches found
CVE-2025-14911 Integer Overflow in GridFS chunkSize Leading to Heap Allocation Failure
User-controlled chunkSize metadata from MongoDB lacks appropriate validation allowing malformed GridFS metadata to overflow the bounding container...
PT-2026-4984
Name of the Vulnerable Software and Affected Versions MongoDB affected versions not specified Description User-controlled chunkSize metadata lacks appropriate validation, potentially leading to malformed GridFS metadata overflowing the bounding container. This can result in a heap allocation...
MongoDB security vulnerabilities
MongoDB is a document-oriented database management system developed by MongoDB Corporation in the United States. There is a security vulnerability in MongoDB, which stems from insufficient validation of the chunkSize metadata. This vulnerability may lead to a overflow of the boundary container du...
Rocket.Chat: Upload of Avatars for other Users
The vulnerability allowed unprivileged users to upload avatar pictures on behalf of other users. The effect of the exploit depended on the storage backend, with the default GridFS being affected. The vulnerability was found in the Rocket.Chat development version at commit 5f0180dc...
Fedora 29 : mongo-c-driver (2018-2f8f5f75f1)
libbson 1.13.0 Features: - New functions to save and restore progress of a bsonitert: bsoniterkeylen, bsoniteroffset, and soniterinitfromdataatoffset Additional functions bsoniteroverwritedatetime, bsoniteroverwriteoid, and bsoniteroverwritetimestamp. All fixed-length BSON values can now be updat...