CVE-2024-6381Integer Overflow to Buffer Overflow in INC Libbson

CWE-680Integer Overflow to Buffer Overflow7 documents6 sources
Severity
5.3MEDIUMNVD
CNA4.0
EPSS
0.4%
top 39.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mongodb INC LibbsonMongodb Libbson
Timeline
PublishedJul 2
Latest updateJul 2

Description

The bson_strfreev function in the MongoDB C driver library may be susceptible to an integer overflow where the function will try to free memory at a negative offset. This may result in memory corruption. This issue affected libbson versions prior to 1.26.2

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDmongodb/libbson< 1.26.2
CVEListV5mongodb_inc/libbson< 1.26.2

🔴Vulnerability Details

4
OSV
mongo-c-driver vulnerabilities2025-07-02
CVEList
MongoDB C Driver bson_strfreev may be susceptible to integer overflow2024-07-02
GHSA
GHSA-vc2m-fm8c-xx2j: The bson_strfreev function in the MongoDB C driver library may be susceptible to an integer overflow where the function will try to free memory at a n2024-07-02
OSV
CVE-2024-6381: The bson_strfreev function in the MongoDB C driver library may be susceptible to an integer overflow where the function will try to free memory at a n2024-07-02

📋Vendor Advisories

2
Ubuntu
mongo-c-driver vulnerabilities2025-07-02
Debian
CVE-2024-6381: libbson-xs-perl - The bson_strfreev function in the MongoDB C driver library may be susceptible to...2024
CVE-2024-6381 — Integer Overflow to Buffer Overflow | cvebase