MongoDB C Driver bson_strfreev may be susceptible to integer overflow
The bson_strfreev function in the MongoDB C driver library may be susceptible to an integer overflow in which the function tries to free memory at a negative offset. This may result in memory corruption. This issue affected libbson versions prior to 1.26.2.
Problem Types
Type | CWE ID | Description |
---|---|---|
CWE | CWE-680 | CWE-680: Integer Overflow to Buffer Overflow |
Metrics
Version | Base score | Base severity | Vector |
---|---|---|---|
3.1 | 4.0 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |