CVE-2018-16790Out-of-bounds Read in Mongodb Libbson

CWE-125Out-of-bounds Read12 documents8 sources
Severity
8.1HIGHNVD
OSV7.5
EPSS
0.5%
top 35.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mongodb Libbson
Timeline
PublishedSep 10
Latest updateMay 13

Description

_bson_iter_next_internal in bson-iter.c in libbson 1.12.0, as used in MongoDB mongo-c-driver and other products, has a heap-based buffer over-read via a crafted bson buffer.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages1 packages

NVDmongodb/libbson1.12.0

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

4
GHSA
GHSA-vmg6-94hc-5vqp: _bson_iter_next_internal in bson-iter2022-05-13
OSV
libbson vulnerabilities2021-03-15
CVEList
CVE-2018-16790: _bson_iter_next_internal in bson-iter2018-09-10
OSV
CVE-2018-16790: _bson_iter_next_internal in bson-iter2018-09-10

📋Vendor Advisories

3
Ubuntu
libbson vulnerabilities2021-03-15
Red Hat
libbson: Heap-based buffer over-read in _bson_iter_next_internal in bson-iter.c2018-09-11
Debian
CVE-2018-16790: libbson-xs-perl - _bson_iter_next_internal in bson-iter.c in libbson 1.12.0, as used in MongoDB mo...2018

💬Community

4
Bugzilla
CVE-2018-16790 mongo-c-driver: libbson: Heap-based buffer over-read in _bson_iter_next_internal in bson-iter.c [fedora-all]2018-09-17
Bugzilla
CVE-2018-16790 libbson: Heap-based buffer over-read in _bson_iter_next_internal in bson-iter.c2018-09-11
Bugzilla
CVE-2018-16790 libbson: Heap-based buffer over-read in _bson_iter_next_internal in bson-iter.c [epel-7]2018-09-11
Bugzilla
CVE-2018-16790 libbson: Heap-based buffer over-read in _bson_iter_next_internal in bson-iter.c [fedora-all]2018-09-11
CVE-2018-16790 — Out-of-bounds Read in Mongodb Libbson | cvebase