Lucene search
K

164 matches found

OSV
OSV
added 2026/06/24 1:9 p.m.4 views

OESA-2026-2692 mongo-c-driver security update

mongo-c-driver is a project that includes two libraries: libmongoc, a client library written in C for MongoDB. libbson, a library providing useful routines related to building, parsing, and iterating BSON documents. Security Fixes: The MongoDB C Driver's Cyrus SASL integration performs unsafe...

8.6CVSS6.1AI score0.00126EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 1:9 p.m.4 views

OESA-2026-2691 mongo-c-driver security update

mongo-c-driver is a project that includes two libraries: libmongoc, a client library written in C for MongoDB. libbson, a library providing useful routines related to building, parsing, and iterating BSON documents. Security Fixes: The MongoDB C Driver's Cyrus SASL integration performs unsafe...

8.6CVSS6.1AI score0.00126EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 1:9 p.m.5 views

OESA-2026-2690 mongo-c-driver security update

mongo-c-driver is a project that includes two libraries: libmongoc, a client library written in C for MongoDB. libbson, a library providing useful routines related to building, parsing, and iterating BSON documents. Security Fixes: The MongoDB C Driver's Cyrus SASL integration performs unsafe...

8.6CVSS6.1AI score0.00126EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.20 views

Linux Distros Unpatched Vulnerability : CVE-2026-9100

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The MongoDB C Driver's legacy GridFS API accepts malformed file metadata from the database without adequate validation. Crafted documents in a GridFS collection...

6CVSS5.8AI score0.00281EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/21 8:29 a.m.16 views

CVE-2026-9100

A flaw was found in the MongoDB C Driver's legacy GridFS API. This vulnerability allows an attacker to craft malicious documents in a GridFS collection. When an application reads these crafted files via the legacy API, it may either crash due to a division-by-zero error, leading to a Denial of...

6CVSS5.6AI score0.00281EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/05/20 5:16 p.m.13 views

CVE-2026-9100

The MongoDB C Driver's legacy GridFS API accepts malformed file metadata from the database without adequate validation. Crafted documents in a GridFS collection may cause any application that reads those files via the legacy API to either crash via a division-by-zero or silently leak process memo...

6CVSS5.8AI score0.00281EPSS
Exploits0References2
OSV
OSV
added 2026/05/20 5:16 p.m.7 views

UBUNTU-CVE-2026-9100

The MongoDB C Driver's legacy GridFS API accepts malformed file metadata from the database without adequate validation. Crafted documents in a GridFS collection may cause any application that reads those files via the legacy API to either crash via a division-by-zero or silently leak process memo...

6CVSS5.8AI score0.00281EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in mongo-c-driver

When calling bsonutf8validate on certain inputs, it is possible for an infinite loop to occur, with no way to exit. This issue affects All MongoDB C Driver versions prior to version 1.25.0...

7.5CVSS7.2AI score0.01103EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/15 2:12 p.m.9 views

CVE-2026-6691

A flaw was found in the MongoDB C Driver's Cyrus SASL integration. This vulnerability, a heap buffer overflow, occurs due to unsafe string copying during username canonicalization. A remote attacker can exploit this by providing untrusted input in the username of a MongoDB URI with...

8.6CVSS6.4AI score0.00126EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/06 6:30 p.m.6 views

EUVD-2026-27838

The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic. This may be triggered by passing untrusted input in the username of a MongoDB URI with authMechanism=GSSAPI...

8.6CVSS5.9AI score0.00126EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/06 5:27 p.m.12 views

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow via unsafe string copying in the canonicalization process. An attacker can execute arbitrary code or cause a denial of service by supplying a specially crafted username in the MongoDB URI with authMechanism=GSSAPI before...

8.6CVSS6.2AI score0.00126EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/06 3:8 p.m.10 views

CVE-2026-6691 MongoDB C Driver Cyrus SASL Canonicalization Buffer Overflow

The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic. This may be triggered by passing untrusted input in the username of a MongoDB URI with authMechanism=GSSAPI...

8.6CVSS5.9AI score0.00126EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/06 3:8 p.m.6 views

CVE-2026-6691

The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic. This may be triggered by passing untrusted input in the username of a MongoDB URI with authMechanism=GSSAPI...

8.6CVSS5.9AI score0.00126EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/06 3:8 p.m.25 views

CVE-2026-6691

CVE-2026-6691 affects the MongoDB C Driver Cyrus SASL integration. The issue is unsafe string copying during username canonicalization, leading to a heap buffer overflow before any authentication or network traffic. The vulnerability can be triggered by untrusted input in the username of a MongoD...

8.6CVSS5.9AI score0.00126EPSS
Exploits0References1Affected Software1
MongoDB
MongoDB
added 2026/05/06 3:8 p.m.9 views

MongoDB C Driver Cyrus SASL Canonicalization Buffer Overflow

The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic. This may be triggered by passing untrusted input in the username of a MongoDB URI with authMechanism=GSSAPI...

8.6CVSS5.9AI score0.00126EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.10 views

MongoDB C Driver 安全漏洞

The MongoDB C Driver is an open-source library developed by MongoDB, designed to connect to and manipulate MongoDB databases in C-language programs. There is a security vulnerability in the MongoDB C Driver, which stems from the insecure string copying performed during username normalization by t...

8.6CVSS6.1AI score0.00126EPSS
Exploits0References1
Redos
Redos
added 2026/05/05 12:0 a.m.8 views

ROS-20260505-73-0075

Vulnerability in mongo-c-driver related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

7.5CVSS5.8AI score0.00184EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.8 views

PT-2026-37642

Name of the Vulnerable Software and Affected Versions mongo-c-driver affected versions not specified Description The Cyrus SASL integration in the MongoDB C Driver performs unsafe string copying during username canonicalization. This leads to a heap buffer overflow, which is a memory corruption...

8.6CVSS6AI score0.00126EPSS
Exploits0References23
OSV
OSV
added 2026/04/23 3:10 p.m.7 views

JLSEC-2026-182

A compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause a crash in applications using the MongoDB C driver...

3.7CVSS5.8AI score0.00187EPSS
Exploits0References1
OSV
OSV
added 2026/04/23 3:10 p.m.5 views

JLSEC-2026-179

When calling bsonutf8validate on some inputs a loop with an exit condition that cannot be reached may occur, i.e. an infinite loop. This issue affects All MongoDB C Driver versions prior to versions 1.25.0...

7.5CVSS6.7AI score0.01103EPSS
Exploits0References6
Rows per page
Query Builder