CVE-2024-6383
published 2024-07-03
CVE-2024-6383: The bson_string_append function in MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small a buffer and…
Priority P427 · medium · 5.3 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS: 0.63% (45.4th percentile)
The bson_string_append function in MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small a buffer and may lead to memory corruption of neighbouring heap memory. This issue affects libbson versions prior to 1.27.1.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libbson-xs-perl | < libbson-xs-perl 0.8.4-2+deb12u1 (bookworm) | libbson-xs-perl 0.8.4-2+deb12u1 (bookworm) |
| debian | libbson-xs-perl | — | — |
| debian | mongo-c-driver | < libbson-xs-perl 0.8.4-2+deb12u1 (bookworm) | libbson-xs-perl 0.8.4-2+deb12u1 (bookworm) |
| mongodb_inc | libbson | < 1.27.1 | 1.27.1 |
CVSS provenance
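| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | LOW | — |
| vendor_ubuntu | — | 4.0 | MEDIUM | — |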
Ubuntu
mongo-c-driver vulnerabilities
vendor_ubuntu·2025-07-02·CVSS 4.0
CVE-2024-6383 [MEDIUM] mongo-c-driver vulnerabilities
Title: mongo-c-driver vulnerabilities
Summary: Several security issues were fixed in mongo-c-driver.
Karman Liu discovered that mongo-c-driver did not correctly handle certain
memory operations. An attacker could possibly use this issue to cause a
denial of service or execute arbitrary code. (CVE-2024-6381)
Karman Liu discovered that mongo-c-driver did not correctly handle certain
memory operations. An attacker could possibly use this issue to cause a
denial of service or execute arbitrary code. This issue only affected
Ubuntu 24.04 LTS. (CVE-2024-6383, CVE-2025-0755)
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2025-40906: libbson-xs-perl - BSON::XS versions 0.8.4 and earlier for Perl includes a bundled libbson 1.1.7, w...
vendor_debian·2025·CVSS 7.5
CVE-2025-40906 [HIGH] CVE-2025-40906: libbson-xs-perl - BSON::XS versions 0.8.4 and earlier for Perl includes a bundled libbson 1.1.7, w...
BSON::XS versions 0.8.4 and earlier for Perl include a bundled libbson 1.1.7, which has several vulnerabilities. Those include CVE-2017-14227, CVE-2018-16790, CVE-2023-0437, CVE-2024-6381, CVE-2024-6383, and CVE-2025-0755. BSON-XS was the official Perl XS implementation of MongoDB's BSON serialization, but this distribution has reached its end of life as of August 13, 2020 and is no longer supported.
Scope: local
bookworm: open
bullseye: open
Debian
CVE-2024-6383: libbson-xs-perl - The bson_string_append function in MongoDB C Driver may be vulnerable to a buffe...
vendor_debian·2024·CVSS 5.3
CVE-2024-6383 [MEDIUM] CVE-2024-6383: libbson-xs-perl - The bson_string_append function in MongoDB C Driver may be vulnerable to a buffe...
The bson_string_append function in MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small a buffer and may lead to memory corruption of neighbouring heap memory. This issue affects libbson versions prior to 1.27.1.
Scope: local
bookworm: resolved (fixed in 0.8.4-2+deb12u1)
bullseye: resolved (fixed in 0.8.4-1+deb11u1)
OSV
mongo-c-driver vulnerabilities
osv·2025-07-02·CVSS 5.3
CVE-2024-6381 [MEDIUM] mongo-c-driver vulnerabilities
mongo-c-driver vulnerabilities
Karman Liu discovered that mongo-c-driver did not correctly handle certain
memory operations. An attacker could possibly use this issue to cause a
denial of service or execute arbitrary code. (CVE-2024-6381)
Karman Liu discovered that mongo-c-driver did not correctly handle certain
memory operations. An attacker could possibly use this issue to cause a
denial of service or execute arbitrary code. This issue only affected
Ubuntu 24.04 LTS. (CVE-2024-6383, CVE-2025-0755)
GHSA
GHSA-5pww-x83q-7gjh: BSON::XS versions 0
ghsa_unreviewed·2025-05-16·CVSS 7.5
CVE-2025-40906 [HIGH] CWE-1104 GHSA-5pww-x83q-7gjh: BSON::XS versions 0
BSON::XS versions 0.8.4 and earlier for Perl include a bundled libbson 1.1.7, which has several vulnerabilities.
Those include CVE-2017-14227, CVE-2018-16790, CVE-2023-0437, CVE-2024-6381, CVE-2024-6383, and CVE-2025-0755.
BSON-XS was the official Perl XS implementation of MongoDB's BSON serialization, but this distribution has reached its end of life as of August 13, 2020 and is no longer supported.
OSV
CVE-2025-40906: BSON::XS versions 0
osv·2025-05-16·CVSS 7.5
CVE-2025-40906 [HIGH] CVE-2025-40906: BSON::XS versions 0
BSON::XS versions 0.8.4 and earlier for Perl include a bundled libbson 1.1.7, which has several vulnerabilities. Those include CVE-2017-14227, CVE-2018-16790, CVE-2023-0437, CVE-2024-6381, CVE-2024-6383, and CVE-2025-0755. BSON-XS was the official Perl XS implementation of MongoDB's BSON serialization, but this distribution has reached its end of life as of August 13, 2020 and is no longer supported.
GHSA
GHSA-w25p-2jj3-j5vr: The bson_string_append function in MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small of b
ghsa_unreviewed·2024-07-04
CVE-2024-6383 [MEDIUM] CWE-122 GHSA-w25p-2jj3-j5vr: The bson_string_append function in MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small of b
The bson_string_append function in MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small a buffer and may lead to memory corruption of neighbouring heap memory. This issue affects libbson versions prior to 1.27.1.
OSV
CVE-2024-6383: The bson_string_append function in MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small of b
osv·2024-07-03·CVSS 5.3
CVE-2024-6383 [MEDIUM] CVE-2024-6383: The bson_string_append function in MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small of b
The bson_string_append function in MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small a buffer and may lead to memory corruption of neighbouring heap memory. This issue affects libbson versions prior to 1.27.1.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-07-03