ALT-PU-2019-4166-1
Closed vulnerabilities
Published: 2018-09-10
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-16790
_bson_iter_next_internal in bson-iter.c in libbson 1.12.0, as used in MongoDB mongo-c-driver and other products, has a heap-based buffer over-read via a crafted bson buffer.
Severity: HIGH (8.1)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
References:
- https://bugzilla.redhat.com/show_bug.cgi?id=1627923#c3
- https://bugzilla.redhat.com/show_bug.cgi?id=1627923#c3
- https://github.com/mongodb/mongo-c-driver/commit/0d9a4d98bfdf4acd2c0138d4aaeb4e2e0934bd84
- https://github.com/mongodb/mongo-c-driver/commit/0d9a4d98bfdf4acd2c0138d4aaeb4e2e0934bd84
- https://jira.mongodb.org/browse/CDRIVER-2819
- https://jira.mongodb.org/browse/CDRIVER-2819