Описание
bson before 0.8 incorrectly uses int rather than size_t for many variables, parameters, and return values. In particular, the bson_ensure_space() parameter bytesNeeded could have an integer overflow via properly constructed bson input.
Отчет
This flaw does not affect versions of bson that are shipped with Red Hat Software Collections packages. The vulnerable code is present in an older version of bson.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Fuse 7 | bson | Not affected | ||
| Red Hat OpenShift Application Runtimes | bson | Not affected | ||
| Red Hat Software Collections | rh-mongodb34-libbson | Not affected | ||
| Red Hat Software Collections | rh-mongodb34-mongo-c-driver | Not affected | ||
| Red Hat Software Collections | rh-mongodb36-libbson | Not affected | ||
| Red Hat Software Collections | rh-mongodb36-mongo-c-driver | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
5.5 Medium
CVSS3
Связанные уязвимости
bson before 0.8 incorrectly uses int rather than size_t for many variables, parameters, and return values. In particular, the bson_ensure_space() parameter bytesNeeded could have an integer overflow via properly constructed bson input.
bson before 0.8 incorrectly uses int rather than size_t for many variables, parameters, and return values. In particular, the bson_ensure_space() parameter bytesNeeded could have an integer overflow via properly constructed bson input.
bson before 0.8 incorrectly uses int rather than size_t for many varia ...
bson before 0.8 incorrectly uses int rather than size_t for many variables, parameters, and return values. In particular, the bson_ensure_space() parameter bytesNeeded could have an integer overflow via properly constructed bson input.
Уязвимость программного пакета для парсинга BSON, вызванная целочисленным переполнением, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
5.5 Medium
CVSS3