bson before 0.8 incorrectly uses int rather than size_t for many variables, parameters, and return values. In particular, the bson_ensure_space() parameter bytesNeeded could have an integer overflow via properly constructed bson input.
[
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"3598376030161994374499160745518439155",
"188175331585084854337657776253058454238",
"128742861977115401042654135393502985014",
"123275779325286253793652006825543379482",
"40826582267018981977787083822451501079"
]
},
"target": {
"file": "src/encoding.h"
},
"signature_type": "Line",
"id": "CVE-2020-12135-09225cc0",
"source": "https://github.com/10gen-archive/mongo-c-driver-legacy/commit/1a1f5e26a4309480d88598913f9eebf9e9cba8ca"
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"336591053878063977449895111453874789214",
"234502528947190592992720307528308419077",
"44422664705097554166850405362313524292",
"108455919143861906950457805544579291105",
"55988635256864840873395528034754577536",
"75698100616493481965256198319042322188",
"44784689919607431309658664944046253117",
"293925236163208479159343577853826575061",
"48910146053087749995988601049271794967",
"132534352559135223235609425368761952662",
"8037035907743845151440958716335128216",
"104672437958863179134008346442911476883",
"103878534576975538791560360780171956950",
"316821825084926987115007535949670785688",
"134822826067594855136343876784807596270",
"323889146748298730915424429710116324447",
"338437202638035245350380560667786713",
"202773124744990524993811594678639200893",
"103413517504286432789978995654698939543",
"333840060539905030592266204837636635022",
"185325938504256747787460578549744605666",
"175200421387655209884591375373454759262",
"257689388660128988756468124277399570009",
"197008132267279721083365788183673146918",
"87720853633410578495999208785286435508",
"206702327543639727071698196305483354358",
"169033254800075677490674709765953451903",
"263653557206975896908524679169161994346"
]
},
"target": {
"file": "src/gridfs.c"
},
"signature_type": "Line",
"id": "CVE-2020-12135-2042373c",
"source": "https://github.com/10gen-archive/mongo-c-driver-legacy/commit/1a1f5e26a4309480d88598913f9eebf9e9cba8ca"
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 389.0,
"function_hash": "270390227834509889898760372380378731851"
},
"target": {
"function": "mongo_pass_digest",
"file": "src/mongo.c"
},
"signature_type": "Function",
"id": "CVE-2020-12135-25967a37",
"source": "https://github.com/10gen-archive/mongo-c-driver-legacy/commit/1a1f5e26a4309480d88598913f9eebf9e9cba8ca"
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"8538192562051996107135665361236164592",
"171548600575032415922399636436937899711",
"132737018607488464036385713630147862324",
"264091552227730777307704326819026632801",
"40155336893437970174907660847292759348",
"319198000888425769685190116760559298312",
"150243267202037969004170398465053088485",
"326059368991632511889453366463397899177",
"7890796483704022117710424306230223827",
"153629248700121360610398092208558523330",
"229555891115612443789159370398927915941",
"206244367464583753864908026390972041233",
"291738544569015633072337338128557906363",
"143557167910868421695167437059820189674",
"300449694031464884352436208973644675019",
"5957252630762384304355657531666487933",
"220926439709249952663449515156995087847"
]
},
"target": {
"file": "src/encoding.c"
},
"signature_type": "Line",
"id": "CVE-2020-12135-34848c05",
"source": "https://github.com/10gen-archive/mongo-c-driver-legacy/commit/1a1f5e26a4309480d88598913f9eebf9e9cba8ca"
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"30670129135407048501724347128298068186",
"207414275786265040729592204135648158391",
"63390020104550009340250468441527378837",
"204668336593719554804257542005603084998"
]
},
"target": {
"file": "src/bcon.c"
},
"signature_type": "Line",
"id": "CVE-2020-12135-34a3be9c",
"source": "https://github.com/10gen-archive/mongo-c-driver-legacy/commit/1a1f5e26a4309480d88598913f9eebf9e9cba8ca"
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"108220082112511021022053686250234182979",
"40771040368783361170837988182000176570",
"318236977319155617793074422367352994555",
"248599592719444990477050483216507848748",
"292427252508527110083984778749027939154",
"17224559715514011411357151945442397488",
"209688870522729378630422819690902656300",
"175236256325904891768731335085997483915",
"60018974170371852443143723712853191211",
"163266284266988098319361577364518994003",
"267485648231146949664340350584631063972",
"72148895891327652488084458125416836749",
"116067843981155760007798976172146853395",
"98045171365025028755490885943921535155",
"55528120625556417964425960281152379014",
"87074026034097280254097171489467187375",
"273561483529778840894665090466063207376",
"181953469905682271611186612361385219713",
"173001143453972279460371242774240335395",
"20052529468764701327688099170750495037",
"271231602003178930713712376587855295079",
"236025023796588804395967964749118715990",
"250182795565642138390187111909966021650",
"137135429747592176150330973729669091525",
"236784019585778801281180424548708327723",
"187302159248890577004178435483137955647",
"269117049358166310503197976537297798793",
"237872093425583776696855916322689884627"
]
},
"target": {
"file": "src/bson.h"
},
"signature_type": "Line",
"id": "CVE-2020-12135-3e2fd5a6",
"source": "https://github.com/10gen-archive/mongo-c-driver-legacy/commit/1a1f5e26a4309480d88598913f9eebf9e9cba8ca"
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 339.0,
"function_hash": "327961451734552262886933884859555984020"
},
"target": {
"function": "bson_finish",
"file": "src/bson.c"
},
"signature_type": "Function",
"id": "CVE-2020-12135-462b2393",
"source": "https://github.com/10gen-archive/mongo-c-driver-legacy/commit/1a1f5e26a4309480d88598913f9eebf9e9cba8ca"
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"73402272322500330170359679057961320341",
"169957687002062295744482631040616272932",
"1792767329797466353659431845168328026",
"91131619148119911849886822804182206933",
"236571120512672438491539284058493734744",
"171109578866762219459447613761080339349",
"30746218033914000935686331251568332898",
"204447409079104039476664373897172706887"
]
},
"target": {
"file": "src/gridfs.h"
},
"signature_type": "Line",
"id": "CVE-2020-12135-4a32b561",
"source": "https://github.com/10gen-archive/mongo-c-driver-legacy/commit/1a1f5e26a4309480d88598913f9eebf9e9cba8ca"
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 442.0,
"function_hash": "237304743751324393657928955605132726504"
},
"target": {
"function": "bson_append_string_base",
"file": "src/bson.c"
},
"signature_type": "Function",
"id": "CVE-2020-12135-51a49cdd",
"source": "https://github.com/10gen-archive/mongo-c-driver-legacy/commit/1a1f5e26a4309480d88598913f9eebf9e9cba8ca"
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 980.0,
"function_hash": "266827202101787547053778596676318259334"
},
"target": {
"function": "mongo_cmd_authenticate",
"file": "src/mongo.c"
},
"signature_type": "Function",
"id": "CVE-2020-12135-55597ab3",
"source": "https://github.com/10gen-archive/mongo-c-driver-legacy/commit/1a1f5e26a4309480d88598913f9eebf9e9cba8ca"
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"159632323427898912896708267826435775918",
"319802081270888107683734846962130059445",
"202587265046007546099854942506839489329",
"236970479031580322992586628453129282128",
"337027462276670552530715458906405217399",
"252058464696706748149717582621576413587",
"325976940916308327867741227671731654470",
"28739476643964480900444324113397729897",
"192930549844541768459043560482901573447",
"206399543149884529194769715049287725640",
"287041594307876580169629642539521693623",
"163820117138173794546420044402316076176",
"185154108874252281316194829109481969241",
"209618556462617152084595617050111199494",
"86254564559271840329838854061343438475",
"146507559009936723040289839159641360896",
"23918424358579832138044476503779732685",
"217983846550622988421963635484486155299",
"272045474242128979808606851262306348452",
"139976233815720726809689836365119907851",
"312820265157596308358075949802527746244",
"245104828526397021004961414994093397196",
"111536750396880250935267057333319145745",
"111002613751726889322210325907383709322",
"224181453533256284045999010928437226324",
"274244599400265873996940659901567179733",
"103294722505997289595675714810669434645",
"88541598264429154911797610868614361807",
"194430409985649342123081971493783858627",
"15103693076621011176206117185438604329",
"295236486597858909967694224633849484882",
"85324728341824707934696281071183797181",
"90212671046352105808456499781607595588",
"11797602686861634668783585941658798601",
"287577399444003229319605869684889220144",
"92756548734444510791330104244045969124",
"117989130278536084817815808562321072765",
"193779026531800829123853692812182643124",
"81055769158067756694446746813696236310",
"244852946686059980489810245219575067125",
"93976934530758993058358536564554568928",
"43449914906366465314419497218284803989",
"126415487612283565492551906742429361990",
"59736587440565314129427249139761241093",
"125762291735830949979043882652119086992",
"28197917042785084161154169365363049392",
"290244991818705715821436111674856539157",
"292679023722529804089223688014072938977",
"74467137773495799083939456421758018394",
"114676433407996824047196064089943023975",
"237133775934597641672236288494405796186",
"46843626989492159491088384121669127230",
"178865056500381924473559495884992505906",
"61759313884131913723963761630370221716",
"273912106400741906291514852261718170856",
"31223196900389373974633742958548313344",
"261950972216913562280867612049912599616",
"105852201296843810572502227839128244025",
"138619303890214294542168574696653456606",
"287176826434346362632157972852396502659",
"87980032438363649053383068529250328686",
"43528202424120492807668557152586409775",
"217913028057331960162483499484890566949",
"266062524019335605886525346801552840053",
"164339216910059094923814509314905041460",
"79343160252292949732730166878418835702",
"256377575580251771092719423309956974063",
"269370653523045325644486932325069622897",
"97553212700208594456851854926266585501",
"278424973187094604104062497269285358262",
"246805362345703682639847726037138343029",
"55687498457856405006459903245319231034",
"140215796927752606810576485807602773541",
"188818943187253681240647435396523838478",
"20555283497365896910382079304178509871",
"247439391687585711494330167768191913637",
"260411425992340971203547195622823274155",
"316746250926185331781436919586859107273",
"16531431073507625325449605753897151497",
"32468521294331915982603364643212628453",
"69366960228560744853082420279815325081",
"113367424888415635774937844489882638786",
"75945973351635658208007290645249853341",
"264414329240752894386032490082437418124",
"125038528126561807743650575935493259296",
"299587071761424142078236653950581882797",
"311062604824567778440904954756936630081",
"173407199169699819822828721160822160897",
"322782074862252509061728203326903730868",
"263240296879074758370211837964648061609",
"150297849505685669145043127680384929312",
"202433091732445341642698932490719372330",
"293451028784069764423303004413039314650",
"322461551070822351444529599534400595843",
"41582652495791284384634948986846753457",
"337369840390999071563819421079171133364",
"249978856166042547124684853760308084088",
"9037351898396394856261322720528798102",
"294696540312192030766751845346797762065",
"205400617386959407621197597344204671248",
"11391501057710369245084053304108715",
"312254426408188346825334182259871385472",
"318521821147990152031732067235507133717",
"1026669326826787734914828990978650327",
"91905691512643884410398859679171068580",
"231426528635684322731566130661891910010",
"309955414208555151925084569625846630778",
"31682101484741092814692792835978177843"
]
},
"target": {
"file": "src/bson.c"
},
"signature_type": "Line",
"id": "CVE-2020-12135-6f43ce3a",
"source": "https://github.com/10gen-archive/mongo-c-driver-legacy/commit/1a1f5e26a4309480d88598913f9eebf9e9cba8ca"
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 623.0,
"function_hash": "244358658856347886221822738388901414013"
},
"target": {
"function": "bson_append_binary",
"file": "src/bson.c"
},
"signature_type": "Function",
"id": "CVE-2020-12135-9353205c",
"source": "https://github.com/10gen-archive/mongo-c-driver-legacy/commit/1a1f5e26a4309480d88598913f9eebf9e9cba8ca"
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"268807570740004622668556831926281411113",
"317419178946950055520555600959873635070",
"47470031436815847649090443335251612058",
"268448881497214073137798991345525247764",
"255363163581788599511336757301697615719",
"251926647532670558925885800113260139317",
"47185803764611589893598026215169073796",
"155799298337741079716586038718087162427",
"313587008621880614887597009108975599340",
"264305117801616291546412496742337823921",
"54065573801892141386736472983098487577",
"90347915791125572348254497752527963770",
"12069746270514473585228282388680515382",
"309241479710713610467493130032281255631",
"305258086103528119469576102931442677591",
"187824773138389994475443441552272457600",
"214112811599309174094080964404101357803",
"264041462720207446136161248202489638367",
"159919237432372422239274585118856124196",
"184503268586474767316668948454597114654",
"35286260965554113343244328311030169872",
"49118714246100199739743034960438372578",
"28879300002796582965330567126721526782",
"313587008621880614887597009108975599340",
"264305117801616291546412496742337823921",
"54065573801892141386736472983098487577",
"90347915791125572348254497752527963770",
"12069746270514473585228282388680515382",
"184920151441164203956367158565825784766",
"56738992451999405949527572971265024922",
"152848455783564906832895749558981128824",
"201166260699976924181939206525005426317",
"95836365725153973525004699486109767680",
"160192496456669142630106986762771084746",
"138548797074062851277464771557694539987",
"35286260965554113343244328311030169872",
"49118714246100199739743034960438372578",
"28879300002796582965330567126721526782",
"313587008621880614887597009108975599340",
"264305117801616291546412496742337823921",
"54065573801892141386736472983098487577",
"90347915791125572348254497752527963770",
"12069746270514473585228282388680515382",
"256621928014529735687661100907974395623",
"102243371366495758419837226296140088994"
]
},
"target": {
"file": "src/env.c"
},
"signature_type": "Line",
"id": "CVE-2020-12135-93c5d749",
"source": "https://github.com/10gen-archive/mongo-c-driver-legacy/commit/1a1f5e26a4309480d88598913f9eebf9e9cba8ca"
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 303.0,
"function_hash": "289726486914601067861133528861990659883"
},
"target": {
"function": "mongo_message_create",
"file": "src/mongo.c"
},
"signature_type": "Function",
"id": "CVE-2020-12135-a936efea",
"source": "https://github.com/10gen-archive/mongo-c-driver-legacy/commit/1a1f5e26a4309480d88598913f9eebf9e9cba8ca"
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 286.0,
"function_hash": "158111264753697519829477323417386590947"
},
"target": {
"function": "bson_append_finish_object",
"file": "src/bson.c"
},
"signature_type": "Function",
"id": "CVE-2020-12135-ab777939",
"source": "https://github.com/10gen-archive/mongo-c-driver-legacy/commit/1a1f5e26a4309480d88598913f9eebf9e9cba8ca"
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 886.0,
"function_hash": "94209456323227563504544373693406942807"
},
"target": {
"function": "gridfile_get_chunks",
"file": "src/gridfs.c"
},
"signature_type": "Function",
"id": "CVE-2020-12135-bb8b9f16",
"source": "https://github.com/10gen-archive/mongo-c-driver-legacy/commit/1a1f5e26a4309480d88598913f9eebf9e9cba8ca"
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"126980913389781568650565274096206509546",
"272948625584002644252716705179502435300",
"178229141924156877746354100154441290085",
"186957615594593707971942897823424631858",
"173190833708888938956195109439044877286",
"107742192961067113202805250900855787464",
"283423863612658206043589790059674826567",
"238596320009192129581373813885568987513",
"62877286397181019600820839972550416126",
"9266025573419674438047626607324497734",
"152074869465638407964799106994644344753",
"242709852737564520487518084623572497265",
"298328621212626921612813649169001496681",
"276153273076927988135258867148383222759",
"88304830294368766352102174148867519398",
"131278952138033891068001262139340546240",
"313799507409278680239193812369632544743",
"152373538914170795544378273595217578689",
"288500068114742325358310799470561146251",
"59597499851313988366705036847372217634",
"170506957821752069591149587964883482190",
"256720785475727267234215411958914940556",
"240426609587334151481596972152802799827",
"100220284270468745700309745306028723711",
"177818961685773322134984995660215254749",
"307985334983276630306034725645276377218",
"272732832448048205227684254461113356650",
"115458543550935866148405274062480279977",
"108512623488851134310830672468820119244",
"199392319685845153711417843909281292572",
"156603935628081533336313244932227772894",
"77940724289127757098285964552050252809",
"37191859476767270373201040062372319930",
"101316638773034599653245488303485831645",
"189927721673923483309344704350515831270",
"195009693520827453164063854078789185902",
"333542727436808206713053022103425894002",
"150314579057795315129895119968296744939",
"60364491780342853333869941490648366935",
"327750558268701119705639894120349679324"
]
},
"target": {
"file": "src/mongo.c"
},
"signature_type": "Line",
"id": "CVE-2020-12135-bf22f83f",
"source": "https://github.com/10gen-archive/mongo-c-driver-legacy/commit/1a1f5e26a4309480d88598913f9eebf9e9cba8ca"
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"190091122791294015573834513543761919646",
"2163604712339583726468420872631478176",
"25964213503642484168558040291748303495",
"60563742927596724969238248506127966894",
"277831385819130471063346667084182643361"
]
},
"target": {
"file": "src/env.h"
},
"signature_type": "Line",
"id": "CVE-2020-12135-c42c01a4",
"source": "https://github.com/10gen-archive/mongo-c-driver-legacy/commit/1a1f5e26a4309480d88598913f9eebf9e9cba8ca"
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 2162.0,
"function_hash": "310707415071033948550661224255270692834"
},
"target": {
"function": "bson_append_bcon_with_state",
"file": "src/bcon.c"
},
"signature_type": "Function",
"id": "CVE-2020-12135-f9f5fd39",
"source": "https://github.com/10gen-archive/mongo-c-driver-legacy/commit/1a1f5e26a4309480d88598913f9eebf9e9cba8ca"
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 488.0,
"function_hash": "136135431874179824316803860543176360959"
},
"target": {
"function": "bson_append_code_w_scope_n",
"file": "src/bson.c"
},
"signature_type": "Function",
"id": "CVE-2020-12135-fcc925a9",
"source": "https://github.com/10gen-archive/mongo-c-driver-legacy/commit/1a1f5e26a4309480d88598913f9eebf9e9cba8ca"
}
]