CVE-2024-6383
MEDIUM5.3EPSS 0.19%發布日:2024/7/3修改日:2026/4/28
描述
The bson_string_append function in MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small of buffer and may lead to memory corruption of neighbouring heap memory. This issue affects libbson versions prior to 1.27.1
受影響套件(2)
- Debian/libbson-xs-perlfrom 0, < 0.8.4-1+deb11u1
- Debian/mongo-c-driverfrom 0, < 1.17.6-1+deb11u1
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |