The bson_strfreev function in the MongoDB C driver library may be susceptible to an integer overflow where the function will try to free memory at a negative offset. This may result in memory corruption. This issue affected libbson versions prior to 1.26.2
Weakness
The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Libbson | Mongodb | * | 1.26.2 (excluding) |
| Mongo-c-driver | Ubuntu | esm-apps/focal | * |
| Mongo-c-driver | Ubuntu | esm-apps/jammy | * |
| Mongo-c-driver | Ubuntu | esm-apps/noble | * |
| Mongo-c-driver | Ubuntu | focal | * |
| Mongo-c-driver | Ubuntu | jammy | * |
| Mongo-c-driver | Ubuntu | mantic | * |
| Mongo-c-driver | Ubuntu | noble | * |
| Mongo-c-driver | Ubuntu | upstream | * |
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/10.html
- https://cwe.mitre.org/data/definitions/100.html
- https://cwe.mitre.org/data/definitions/14.html
- https://cwe.mitre.org/data/definitions/24.html
- https://cwe.mitre.org/data/definitions/45.html
- https://cwe.mitre.org/data/definitions/46.html
- https://cwe.mitre.org/data/definitions/47.html
- https://cwe.mitre.org/data/definitions/67.html
- https://cwe.mitre.org/data/definitions/8.html
- https://cwe.mitre.org/data/definitions/9.html
- https://cwe.mitre.org/data/definitions/92.html