CVE-2024-5629 — Out-of-bounds Read in Mongodb Pymongo

CWE-125 — Out-of-bounds Read9 documents6 sources

Severity

8.1HIGHNVD

EPSS

0.1%

top 73.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mongodb INC Pymongo Mongodb Pymongo Debian Pymongo +1 more

Timeline

PublishedJun 5

Latest updateJul 22

Description

An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application memory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages5 packages

▶debiandebian/pymongo< pymongo 3.11.0-1+deb12u1 (bookworm)

▶NVDmongodb/pymongo< 4.6.3

▶PyPImongodb_inc/pymongo< 4.6.3

▶Debianmongodb_inc/pymongo< 3.11.0-1+deb11u1+3

▶CVEListV5mongodb_inc/pymongo4.6.2

Also affects: Debian Linux 10.0

Patches

Patch: jira.mongodb.org ↗Patch: jira.mongodb.org ↗

🔴Vulnerability Details

OSV

PyMongo Out-of-bounds Read in the bson module↗2024-06-05

▶

OSV

CVE-2024-5629: An out-of-bounds read in the 'bson' module of PyMongo 4↗2024-06-05

▶

GHSA

PyMongo Out-of-bounds Read in the bson module↗2024-06-05

▶

OSV

PyMongo Out-of-bounds Read in the bson module↗2024-04-06

▶

GHSA

PyMongo Out-of-bounds Read in the bson module↗2024-04-06

▶

📋Vendor Advisories

Ubuntu

PyMongo vulnerability↗2024-07-22

▶

Red Hat

python-pymongo: Out-of-bounds read in bson module↗2024-06-05

▶

Debian

CVE-2024-5629: pymongo - An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows de...↗2024

▶