CVE-2024-6383
MEDIUM5.3EPSS 0.19%Published: 7/3/2024Modified: 4/28/2026
Description
The bson_string_append function in MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small of buffer and may lead to memory corruption of neighbouring heap memory. This issue affects libbson versions prior to 1.27.1
Affected packages (2)
- Debian/libbson-xs-perlfrom 0, < 0.8.4-1+deb11u1
- Debian/mongo-c-driverfrom 0, < 1.17.6-1+deb11u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |