CVE-2020-12135
published 2020-04-24


Priority: P4 20
Severity: medium, 5.5 (CVSS 3.1)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS: 1.17% (63.4th percentile)
bson before 0.8 incorrectly uses int rather than size_t for many variables, parameters, and return values. In particular, the bson_ensure_space() parameter bytesNeeded could have an integer overflow via properly constructed bson input.

Affected

6 ranges
Vendor            Product    Version range                Fixed in
debian            duo-unix   -                            -
mongodb           c_driver   < 0.8                        0.8
whoopsie_project  whoopsie   <= 0.2.69                    -
whoopsie_project  whoopsie   >= 0 < 0.2.52.5ubuntu0.5     0.2.52.5ubuntu0.5
whoopsie_project  whoopsie   >= 0 < 0.2.62ubuntu0.5       0.2.62ubuntu0.5
whoopsie_project  whoopsie   >= 0 < 0.2.69ubuntu0.1       0.2.69ubuntu0.1

CVSS provenance

Source         CVSS version  Score  Severity  Vector
nvd            v3.1          5.5    MEDIUM    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd            v2.0          4.3    MEDIUM    AV:N/AC:M/Au:N/C:N/I:N/A:P
osv            -             5.5    MEDIUM    -
vendor_redhat  -             8.8    HIGH      -
vendor_debian  -             5.5    LOW       -
vendor_ubuntu  -             5.5    MEDIUM    -