CVE-2018-16790
- Source
- https://cve.org/CVERecord?id=CVE-2018-16790
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-16790.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-16790
- Downstream
- Published
- 2018-09-10T05:29:00.250Z
- Modified
- 2026-04-02T01:18:11.817807Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
bsoniternextinternal in bson-iter.c in libbson 1.12.0, as used in MongoDB mongo-c-driver and other products, has a heap-based buffer over-read via a crafted bson buffer.
- References
Affected packages
Git / github.com/mongodb/mongo-c-driver
Affected versions
0.*
0.90.0
0.92.0
0.92.2
0.94.0
0.94.2
0.96.0
0.96.2
0.96.4
0.98.0
0.98.2
1.*
1.0.0
1.0.2
1.1.0
1.1.0-rc0
1.1.10
1.1.11
1.1.2
1.1.4
1.1.5
1.1.6
1.1.7
1.1.8
1.1.9
1.10.0
1.10.1
1.10.2
1.10.3
1.11.0
1.12.0
1.2.0
1.2.0-beta
1.2.0-beta1
1.2.0-rc0
1.2.1
1.2.2
1.2.3
1.2.4
1.3.0
1.3.0-beta0
1.3.0-rc0
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.4.0
1.4.0-beta0
1.4.0-beta1
1.4.1
1.4.2
1.4.3
1.5.0
1.5.0-rc0
1.5.0-rc1
1.5.0-rc2
1.5.0-rc3
1.5.0-rc4
1.5.0-rc6
1.5.1
1.5.2
1.5.3
1.5.4
1.5.5
1.6.0
1.6.0-rc0
1.6.1
1.6.2
1.6.3
1.7.0
1.7.0-rc0
1.7.0-rc1
1.7.0-rc2
1.8.0
1.8.0-rc0
1.8.0-rc1
1.8.1
1.8.2
1.9.0
1.9.0+dfsg
1.9.0-rc0
1.9.0-rc1
1.9.1
1.9.2
1.9.2+dfsg
1.9.3
1.9.3+dfsg
1.9.4
1.9.4+dfsg
1.9.5
1.9.5+dfsg
debian/1.*
debian/1.11.0-1
debian/1.2.1-1
debian/1.3.1-1
debian/1.3.5-1
debian/1.4.1-1
debian/1.4.2-1
debian/1.5.0-1
debian/1.5.3-1
debian/1.5.4-1
debian/1.6.1-1
debian/1.6.3-1
debian/1.7.0-1
debian/1.8.0-1
debian/1.8.1-1
debian/1.9.0+dfsg-1
debian/1.9.2+dfsg-1
debian/1.9.3+dfsg-1
debian/1.9.3+dfsg-2
debian/1.9.4+dfsg-1
debian/1.9.4+dfsg-2
debian/1.9.5+dfsg-1
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-16790.json"
vanir_signatures
[
{
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"230572384828147726758798177231607784127",
"193010568396572323432057629638187778761",
"308383410363642545101968445688044955292",
"130065544884910772829299049170521137569"
],
"threshold": 0.9
},
"source": "https://github.com/mongodb/mongo-c-driver/commit/0d9a4d98bfdf4acd2c0138d4aaeb4e2e0934bd84",
"id": "CVE-2018-16790-0cbcc3ef",
"target": {
"file": "src/libbson/tests/test-bson.c"
}
},
{
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "193941486342430174099491069527724778591",
"length": 5661.0
},
"source": "https://github.com/mongodb/mongo-c-driver/commit/0d9a4d98bfdf4acd2c0138d4aaeb4e2e0934bd84",
"id": "CVE-2018-16790-3343d43e",
"target": {
"file": "src/libbson/src/bson/bson-iter.c",
"function": "_bson_iter_next_internal"
}
},
{
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "5190524972303662446291243879713015595",
"length": 4620.0
},
"source": "https://github.com/mongodb/mongo-c-driver/commit/0d9a4d98bfdf4acd2c0138d4aaeb4e2e0934bd84",
"id": "CVE-2018-16790-48ddd07c",
"target": {
"file": "src/libbson/tests/test-bson.c",
"function": "test_bson_validate"
}
},
{
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"25158063395939030907992834329443035559",
"151438777202799389720665076878289151096",
"76831124799274643912930820928241724466",
"248988458287290360667449641644212888333"
],
"threshold": 0.9
},
"source": "https://github.com/mongodb/mongo-c-driver/commit/0d9a4d98bfdf4acd2c0138d4aaeb4e2e0934bd84",
"id": "CVE-2018-16790-f31c3ccb",
"target": {
"file": "src/libbson/src/bson/bson-iter.c"
}
}
]