CVE-2024-6381

Source
https://cve.org/CVERecord?id=CVE-2024-6381
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-6381.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-6381
Published
2024-07-02T18:15:03.963Z
Modified
2026-04-02T12:25:45.232128Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
[none]
Details

The bson_strfreev function in the MongoDB C driver library may be susceptible to an integer overflow in which the function tries to free memory at a negative offset. This may result in memory corruption. This issue affected libbson versions prior to 1.26.2.

Affected packages

Git / github.com/mongodb/mongo-c-driver

Affected ranges

Type
GIT
Repo
https://github.com/mongodb/mongo-c-driver
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.26.2"
        }
    ]
}

Affected versions

0.*
0.90.0
0.92.0
0.92.2
0.94.0
0.94.2
0.96.0
0.96.2
0.96.4
0.98.0
0.98.2
1.*
1.0.0
1.0.2
1.1.0
1.1.0-rc0
1.1.10
1.1.11
1.1.2
1.1.4
1.1.5
1.1.6
1.1.7
1.1.8
1.1.9
1.10.0
1.10.1
1.10.2
1.10.3
1.11.0
1.12.0
1.13.0
1.13.1
1.14.0
1.14.1
1.15.0
1.15.1
1.15.2
1.15.3
1.16.0
1.16.1
1.16.2
1.17.0
1.17.0-beta
1.17.0-beta2
1.17.0-rc0
1.17.1
1.17.2
1.17.3
1.17.4
1.17.5
1.17.6
1.17.7
1.18.0
1.18.0-alpha
1.18.0-alpha2
1.19.0
1.19.1
1.19.2
1.2.0
1.2.0-beta
1.2.0-beta1
1.2.0-rc0
1.2.1
1.2.2
1.2.3
1.2.4
1.20.0
1.20.1
1.21.0
1.21.1
1.21.2
1.22.0
1.22.0-beta0
1.22.1
1.22.2
1.23.0
1.23.1
1.23.2
1.23.3
1.23.4
1.23.5
1.24.0
1.24.1
1.24.2
1.24.3
1.24.4
1.25.0
1.25.1
1.25.2
1.25.3
1.25.4
1.26.0
1.26.1
1.27.0
1.27.1
1.27.2
1.27.3
1.27.4
1.27.5
1.27.6
1.28.0
1.28.1
1.29.0
1.29.1
1.29.2
1.3.0
1.3.0-beta0
1.3.0-rc0
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.30.0
1.30.1
1.30.2
1.30.3
1.30.4
1.30.5
1.30.6
1.30.7
1.4.0
1.4.0-beta0
1.4.0-beta1
1.4.1
1.4.2
1.4.3
1.5.0
1.5.0-rc0
1.5.0-rc1
1.5.0-rc2
1.5.0-rc3
1.5.0-rc4
1.5.0-rc6
1.5.1
1.5.2
1.5.3
1.5.4
1.5.5
1.6.0
1.6.0-rc0
1.6.1
1.6.2
1.6.3
1.7.0
1.7.0-rc0
1.7.0-rc1
1.7.0-rc2
1.8.0
1.8.0-rc0
1.8.0-rc1
1.8.1
1.8.2
1.9.0
1.9.0+dfsg
1.9.0-rc0
1.9.0-rc1
1.9.1
1.9.2
1.9.2+dfsg
1.9.3
1.9.3+dfsg
1.9.4
1.9.4+dfsg
1.9.5
1.9.5+dfsg
2.*
2.0.0
2.0.1
2.0.2
2.1.0
2.1.1
2.1.2
2.2.0
2.2.1
2.2.2
2.2.3
debian/1.*
debian/1.11.0-1
debian/1.13.0-1
debian/1.13.1-1
debian/1.14.0-1
debian/1.14.0-1+deb10u1
debian/1.14.1-1
debian/1.15.0-1
debian/1.15.1-1
debian/1.15.2-1
debian/1.16.0-1
debian/1.16.1-1
debian/1.17.0-1
debian/1.17.2-1
debian/1.17.3-1
debian/1.17.4-1
debian/1.17.5-1
debian/1.17.6-1
debian/1.17.6-1+deb11u1
debian/1.17.6-1+deb11u2
debian/1.18.0-1
debian/1.19.0-1
debian/1.19.1-1
debian/1.19.2-1
debian/1.2.1-1
debian/1.20.0-1
debian/1.20.1-1
debian/1.21.0-1
debian/1.21.1-1
debian/1.21.2-1
debian/1.22.0-1
debian/1.22.1-1
debian/1.23.0-1
debian/1.23.1-1
debian/1.23.1-1+deb12u1
debian/1.23.1-1+deb12u2
debian/1.24.1-1
debian/1.24.2-1
debian/1.24.3-1
debian/1.24.4-1
debian/1.25.0-1
debian/1.25.1-1
debian/1.25.2-1
debian/1.25.4-1
debian/1.26.0-1
debian/1.26.0-1.1
debian/1.26.1-1
debian/1.3.1-1
debian/1.3.5-1
debian/1.4.1-1
debian/1.4.2-1
debian/1.5.0-1
debian/1.5.3-1
debian/1.5.4-1
debian/1.6.1-1
debian/1.6.3-1
debian/1.7.0-1
debian/1.8.0-1
debian/1.8.1-1
debian/1.9.0+dfsg-1
debian/1.9.2+dfsg-1
debian/1.9.3+dfsg-1
debian/1.9.3+dfsg-2
debian/1.9.4+dfsg-1
debian/1.9.4+dfsg-2
debian/1.9.5+dfsg-1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-6381.json"