CVE-2024-6383
published 2024-07-03

Priority: P427 medium
CVSS 3.1: 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
EPSS: 0.63% (45.4th percentile)

The bson_string_append function in the MongoDB C Driver may be vulnerable to a buffer overflow in which the function attempts to allocate too small a buffer, which may lead to memory corruption of neighbouring heap memory. This issue affects libbson versions prior to 1.27.1.

Affected

4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libbson-xs-perl | < libbson-xs-perl 0.8.4-2+deb12u1 (bookworm) | libbson-xs-perl 0.8.4-2+deb12u1 (bookworm) |
| debian | libbson-xs-perl | | |
| debian | mongo-c-driver | < libbson-xs-perl 0.8.4-2+deb12u1 (bookworm) | libbson-xs-perl 0.8.4-2+deb12u1 (bookworm) |
| mongodb_inc | libbson | < 1.27.1 | 1.27.1 |

CVSS provenance

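| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 7.5 | LOW | |
| vendor_ubuntu | | 4.0 | MEDIUM | |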