CVE-2024-6383 — Heap-based Buffer Overflow in INC Libbson

CWE-122 — Heap-based Buffer Overflow7 documents6 sources

Severity

5.3MEDIUMNVD

EPSS

0.2%

top 54.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mongodb INC Libbson

Timeline

PublishedJul 3

Latest updateJul 2

Description

The bson_string_append function in MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small of buffer and may lead to memory corruption of neighbouring heap memory. This issue affects libbson versions prior to 1.27.1

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

▶CVEListV5mongodb_inc/libbson< 1.27.1

🔴Vulnerability Details

OSV

mongo-c-driver vulnerabilities↗2025-07-02

▶

GHSA

GHSA-w25p-2jj3-j5vr: The bson_string_append function in MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small of b↗2024-07-04

▶

OSV

CVE-2024-6383: The bson_string_append function in MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small of b↗2024-07-03

▶

CVEList

MongoDB C Driver bson_string_append may be vulnerable to a buffer overflow↗2024-07-03

▶

📋Vendor Advisories

Ubuntu

mongo-c-driver vulnerabilities↗2025-07-02

▶

Debian

CVE-2024-6383: libbson-xs-perl - The bson_string_append function in MongoDB C Driver may be vulnerable to a buffe...↗2024

▶