{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-6383","assignerOrgId":"a39b4221-9bd0-4244-95fc-f3e2e07f1deb","state":"PUBLISHED","assignerShortName":"mongodb","dateReserved":"2024-06-27T08:43:40.268Z","datePublished":"2024-07-03T21:33:47.598Z","dateUpdated":"2025-11-03T19:34:31.467Z"},"containers":{"cna":{"affected":[{"cpes":["cpe:2.3:a:mongodb:libbson:0.2.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:0.2.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:0.2.4:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:0.4.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:0.5.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:0.6.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:0.6.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:0.6.4:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:0.6.6:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:0.6.8:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:0.8.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:0.8.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:0.8.4:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:0.98.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.0.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.0.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.1.0:-:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.1.0:rc0:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.1.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.1.4:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.1.5:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.1.6:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.1.7:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.1.8:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.1.9:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.1.10:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.1.11:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.2.0:-:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.2.0:beta1:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.2.0:rc0:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.2.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.2.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.2.3:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.2.4:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.3.0:-:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.3.0:beta0:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.3.0:rc0:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.3.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.3.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.3.3:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.3.4:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.3.5:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.3.6:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.4.0:-:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.4.0:beta0:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.4.0:beta1:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.4.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.4.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.4.3:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.5.0:-:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.5.0:rc0:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.5.0:rc1:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.5.0:rc2:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.5.0:rc3:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.5.0:rc4:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.5.0:rc6:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.5.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.5.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.5.3:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.5.4:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.5.5:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.6.0:-:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.6.0:rc0:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.6.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.6.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.6.3:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.7.0:-:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.7.0:rc0:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.7.0:rc1:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.7.0:rc2:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.8.0:-:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.8.0:rc0:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.8.0:rc1:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.8.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.8.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.9.0:-:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.9.0:rc0:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.9.0:rc1:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.9.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.9.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.9.3:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.9.4:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.9.5:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.10.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.10.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.10.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.10.3:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.11.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.12.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.13.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.13.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.14.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.14.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.15.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.15.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.15.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.15.3:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.16.0:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.16.1:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.16.2:*:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.17.0:beta:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.17.0:beta2:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.17.0:rc0:*:*:*:*:*:*","cpe:2.3:a:mongodb:libbson:1.17.0:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"libbson","vendor":"MongoDB Inc","versions":[{"lessThan":"1.27.1","status":"affected","version":"0","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","value":"selmelc"}],"datePublic":"2024-07-03T21:33:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"The bson_string_append function in MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small of buffer and may lead to memory corruption of neighbouring heap memory. This issue affects libbson versions prior to 1.27.1
"}],"value":"The bson_string_append function in MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small of buffer and may lead to memory corruption of neighbouring heap memory. This issue affects libbson versions prior to 1.27.1"}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-122","description":"CWE-122: Heap-based Buffer Overflow","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"a39b4221-9bd0-4244-95fc-f3e2e07f1deb","shortName":"mongodb","dateUpdated":"2024-07-04T12:49:04.148Z"},"references":[{"url":"https://jira.mongodb.org/browse/CDRIVER-5628"}],"source":{"discovery":"EXTERNAL"},"title":"MongoDB C Driver bson_string_append may be vulnerable to a buffer overflow","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-07-05T14:05:49.024613Z","id":"CVE-2024-6383","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-07-05T14:07:34.839Z"}},{"title":"CVE Program Container","references":[{"url":"https://jira.mongodb.org/browse/CDRIVER-5628","tags":["x_transferred"]},{"url":"https://security.netapp.com/advisory/ntap-20241004-0001/"},{"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00027.html"},{"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00012.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T19:34:31.467Z"}}]}}