Lucene search
MongodbVULNRICHMENT:CVE-2024-6383HistoryJul 03, 2024 - 9:33 p.m.
CVE-2024-6383 MongoDB C Driver bson_string_append may be vulnerable to a buffer overflow
2024-07-0321:33:47
CWE-122
mongodb
github.com
3
mongodb
buffer overflow
vulnerability
libbson
memory corruption
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
AI Score
7.5
Confidence
High
SSVC
Exploitation
none
Automatable
yes
Technical Impact
partial
The bson_string_append function in MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small of buffer and may lead to memory corruption of neighbouring heap memory. This issue affects libbson versions prior to 1.27.1
CNA Affected
[
{
"cpes": [
"cpe:2.3:a:mongodb:libbson:0.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:0.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:0.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:0.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:0.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:0.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:0.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:0.6.4:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:0.6.6:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:0.6.8:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:0.8.0:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:0.8.2:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:0.8.4:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:0.98.0:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.1.0:-:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.1.0:rc0:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.1.4:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.1.5:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.1.6:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.1.7:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.1.8:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.1.9:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.1.10:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.1.11:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.2.0:-:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.2.0:beta1:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.2.0:rc0:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.3.0:-:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.3.0:beta0:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.3.0:rc0:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.3.4:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.3.5:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.3.6:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.4.0:-:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.4.0:beta0:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.4.0:beta1:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.5.0:-:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.5.0:rc0:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.5.0:rc1:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.5.0:rc2:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.5.0:rc3:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.5.0:rc4:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.5.0:rc6:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.5.3:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.5.4:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.5.5:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.6.0:-:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.6.0:rc0:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.7.0:-:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.7.0:rc0:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.7.0:rc1:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.7.0:rc2:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.8.0:-:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.8.0:rc0:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.8.0:rc1:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.8.1:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.8.2:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.9.0:-:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.9.0:rc0:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.9.0:rc1:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.9.1:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.9.2:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.9.3:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.9.4:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.9.5:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.10.0:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.10.1:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.10.2:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.10.3:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.11.0:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.12.0:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.13.0:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.13.1:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.14.0:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.14.1:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.15.0:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.15.1:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.15.2:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.15.3:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.16.0:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.16.1:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.16.2:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.17.0:beta:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.17.0:beta2:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.17.0:rc0:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:libbson:1.17.0:*:*:*:*:*:*:*"
],
"vendor": "MongoDB Inc",
"product": "libbson",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "1.27.1",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
]References
Related
mongodb
mongodb
MongoDB C Driver bson_string_append may be vulnerable to a buffer overflow
2024-07-03 21:33:00
debiancve
debiancve
CVE-2024-6383
2024-07-03 22:15:03
osv
osv
CVE-2024-6383
2024-07-03 22:15:00
cve
cve
CVE-2024-6383
2024-07-03 22:15:03
ubuntucve
ubuntucve
CVE-2024-6383
2024-07-03 00:00:00
nvd
nvd
CVE-2024-6383
2024-07-03 22:15:03
cvelist
cvelist
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
AI Score
7.5
Confidence
High
SSVC
Exploitation
none
Automatable
yes
Technical Impact
partial
Related for VULNRICHMENT:CVE-2024-6383