CVE-2024-6383

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-6383

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-6383.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-6383

Related

UBUNTU-CVE-2024-6383

Published

2024-07-03T22:15:03Z

Modified

2025-05-09T17:45:28.203717Z

Downstream

DLA-4160-1

Summary

[none]

Details

The bsonstringappend function in MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small of buffer and may lead to memory corruption of neighbouring heap memory. This issue affects libbson versions prior to 1.27.1

References

Affected packages

Debian:11 / libbson-xs-perl

Package

Name: libbson-xs-perl
Purl: pkg:deb/debian/libbson-xs-perl?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.8.4-1+deb11u1

Affected versions

0.*

0.8.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libbson-xs-perl

Package

Name: libbson-xs-perl
Purl: pkg:deb/debian/libbson-xs-perl?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.8.4-2

0.8.4-2+deb12u1

0.8.4-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / mongo-c-driver

Package

Name: mongo-c-driver
Purl: pkg:deb/debian/mongo-c-driver?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.17.6-1

1.18.0-1

1.19.0-1

1.19.1-1

1.19.2-1

1.20.0-1

1.20.1-1

1.21.0-1

1.21.1-1

1.21.2-1

1.22.0-1

1.22.1-1

1.22.1-1+riscv64

1.23.0-1

1.23.1-1

1.24.1-1

1.24.2-1

1.24.3-1

1.24.4-1

1.25.0-1

1.25.1-1

1.25.2-1

1.25.4-1

1.25.4-1.1~exp1

1.26.0-1

1.26.0-1.1~exp1

1.26.0-1.1

1.26.1-1

1.26.2-1

1.27.0-1

1.27.1-1

1.27.2-1

1.27.3-1

1.27.4-1

1.27.5-1

1.27.6-1

1.28.0-1

1.28.1-1

1.29.0-1

1.29.1-1

1.29.2-1

1.30.0-1

1.30.1-1

1.30.2-1

1.30.3-1

1.30.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / mongo-c-driver

Package

Name: mongo-c-driver
Purl: pkg:deb/debian/mongo-c-driver?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.23.1-1

1.23.1-1+deb12u1

1.24.1-1

1.24.2-1

1.24.3-1

1.24.4-1

1.25.0-1

1.25.1-1

1.25.2-1

1.25.4-1

1.25.4-1.1~exp1

1.26.0-1

1.26.0-1.1~exp1

1.26.0-1.1

1.26.1-1

1.26.2-1

1.27.0-1

1.27.1-1

1.27.2-1

1.27.3-1

1.27.4-1

1.27.5-1

1.27.6-1

1.28.0-1

1.28.1-1

1.29.0-1

1.29.1-1

1.29.2-1

1.30.0-1

1.30.1-1

1.30.2-1

1.30.3-1

1.30.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / mongo-c-driver

Package

Name: mongo-c-driver
Purl: pkg:deb/debian/mongo-c-driver?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.27.1-1

Affected versions

1.*

1.23.1-1

1.24.1-1

1.24.2-1

1.24.3-1

1.24.4-1

1.25.0-1

1.25.1-1

1.25.2-1

1.25.4-1

1.25.4-1.1~exp1

1.26.0-1

1.26.0-1.1~exp1

1.26.0-1.1

1.26.1-1

1.26.2-1

1.27.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}