OESA-2026-2693

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-2693

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2026-2693.json

JSON Data

https://api.osv.dev/v1/vulns/OESA-2026-2693

Upstream

CVE-2026-6231

CVE-2026-6691

Published

2026-06-24T13:09:57Z

Modified

2026-06-24T13:30:06.575899775Z

Summary

mongo-c-driver security update

Details

mongo-c-driver is a project that includes two libraries: libmongoc, a client library written in C for MongoDB. libbson, a library providing useful routines related to building, parsing, and iterating BSON documents.

Security Fix(es):

The bson_validate function may return early on specific inputs and incorrectly report success. This behavior could result in skipping validation for BSON data, allowing malformed or invalid UTF-8 sequences to bypass validation and be processed incorrectly. The issue may affect applications that rely on these functions to validate untrusted BSON data before further processing. This issue affects MongoDB C Driver versions prior to 1.30.5, MongoDB C Driver version 2.0.0 and MongoDB C Driver version 2.0.1.(CVE-2026-6231)

The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic. This may be triggered by passing untrusted input in the username of a MongoDB URI with authMechanism=GSSAPI.(CVE-2026-6691)

Database specific

{
    "severity": "High"
}

References

Affected packages

openEuler:20.03-LTS-SP4 / mongo-c-driver

Package

Name: mongo-c-driver
Purl: pkg:rpm/openEuler/mongo-c-driver&distro=openEuler-20.03-LTS-SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.27.4-3.oe2003sp4

Ecosystem specific

{
    "aarch64": [
        "libbson-1.27.4-3.oe2003sp4.aarch64.rpm",
        "libbson-devel-1.27.4-3.oe2003sp4.aarch64.rpm",
        "mongo-c-driver-1.27.4-3.oe2003sp4.aarch64.rpm",
        "mongo-c-driver-debuginfo-1.27.4-3.oe2003sp4.aarch64.rpm",
        "mongo-c-driver-debugsource-1.27.4-3.oe2003sp4.aarch64.rpm",
        "mongo-c-driver-devel-1.27.4-3.oe2003sp4.aarch64.rpm",
        "mongo-c-driver-help-1.27.4-3.oe2003sp4.aarch64.rpm"
    ],
    "src": [
        "mongo-c-driver-1.27.4-3.oe2003sp4.src.rpm"
    ],
    "x86_64": [
        "libbson-1.27.4-3.oe2003sp4.x86_64.rpm",
        "libbson-devel-1.27.4-3.oe2003sp4.x86_64.rpm",
        "mongo-c-driver-1.27.4-3.oe2003sp4.x86_64.rpm",
        "mongo-c-driver-debuginfo-1.27.4-3.oe2003sp4.x86_64.rpm",
        "mongo-c-driver-debugsource-1.27.4-3.oe2003sp4.x86_64.rpm",
        "mongo-c-driver-devel-1.27.4-3.oe2003sp4.x86_64.rpm",
        "mongo-c-driver-help-1.27.4-3.oe2003sp4.x86_64.rpm"
    ]
}

Database specific

source

"https://repo.openeuler.org/security/data/osv/OESA-2026-2693.json"