发布时间: 2024年7月19日
修改时间: 2024年10月9日
The bson_string_append function in MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small of buffer and may lead to memory corruption of neighbouring heap memory. This issue affects libbson versions prior to 1.27.1
| NVD | openEuler | |
|---|---|---|
| CVSS评分 | 5.3 | 5.3 |
| Attack Vector | Network | Network |
| Attack Complexity | Low | Low |
| Privileges Required | None | None |
| User Interaction | None | None |
| Scope | Unchanged | Unchanged |
| Confidentiality | None | None |
| Integrity | Low | Low |
| Availability | None | None |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2024-3237 | mongo-c-driver security update | 2024年7月19日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-5A | mongo-c-driver | Fixed |
| KY3.5.2 | mongo-c-driver | Fixed |
| V6 | mongo-c-driver | Fixed |
