Search CVE reports
1 – 5 of 5 results
Some fixes available 1 of 3
The various bson_append functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32_MAX),...
1 affected package
mongo-c-driver
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
mongo-c-driver | Fixed | Ignored | Ignored | — |
Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating system is Windows. This may result in the application executing arbitrary behaviour determined...
3 affected packages
mongo-c-driver, mongodb, php-mongodb
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
mongo-c-driver | Ignored | Ignored | Ignored | — |
mongodb | Not in release | Not in release | Ignored | Ignored |
php-mongodb | Ignored | Ignored | Ignored | Ignored |
Some fixes available 1 of 6
The bson_string_append function in MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small a buffer, which may lead to memory corruption of neighbouring heap memory. This issue...
2 affected packages
libbson, mongo-c-driver
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
libbson | Not in release | Not in release | Not in release | Needs evaluation |
mongo-c-driver | Fixed | Ignored | Ignored | — |
Some fixes available 3 of 6
The bson_strfreev function in the MongoDB C driver library may be susceptible to an integer overflow where the function will try to free memory at a negative offset. This may result in memory corruption. This issue affected...
2 affected packages
libbson, mongo-c-driver
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
libbson | Not in release | Not in release | Not in release | Needs evaluation |
mongo-c-driver | Fixed | Fixed | Fixed | — |
Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific...
3 affected packages
mongo-c-driver, node-mongodb, php-mongodb
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
mongo-c-driver | Not affected | Not affected | Ignored | Ignored |
node-mongodb | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
php-mongodb | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |