CVE-2024-6381 - Vulnerability Details - OpenCVE

The bson_strfreev function in the MongoDB C driver library may be susceptible to an integer overflow where the function will try to free memory at a negative offset. This may result in memory corruption. This issue affected libbson versions prior to 1.26.2

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mongodb	Libbson

Configuration 1 [-]

cpe:2.3:a:mongodb:libbson:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://jira.mongodb.org/browse/CDRIVER-5622
https://lists.debian.org/debian-lts-announce/2025/05/msg00012.html
https://lists.debian.org/debian-lts-announce/2025/05/msg00027.html

History

Mon, 03 Nov 2025 20:30:00 +0000

Type	Values Removed	Values Added
References		https://lists.debian.org/debian-lts-announce/2025/05/msg00012.html https://lists.debian.org/debian-lts-announce/2025/05/msg00027.html

Thu, 02 Oct 2025 14:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:mongodb:libbson::::::::

MITRE

Status: PUBLISHED

Assigner: mongodb

Published: 2024-07-02T17:14:48.908Z

Updated: 2025-11-03T19:34:28.669Z

Reserved: 2024-06-27T08:03:35.321Z

Link: CVE-2024-6381

Vulnrichment

Updated: 2024-08-01T21:41:03.172Z

NVD

Status : Modified

Published: 2024-07-02T18:15:03.963

Modified: 2025-11-03T20:17:03.300

Link: CVE-2024-6381

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-6381", "assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb", "state": "PUBLISHED", "assignerShortName": "mongodb", "dateReserved": "2024-06-27T08:03:35.321Z", "datePublished": "2024-07-02T17:14:48.908Z", "dateUpdated": "2025-11-03T19:34:28.669Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:mongodb:libbson:0.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:0.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:0.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:0.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:0.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:0.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:0.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:0.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:0.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:0.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:0.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:0.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:0.8.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:0.98.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.1.0:-:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.1.0:rc0:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.2.0:-:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.2.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.2.0:rc0:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.3.0:-:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.3.0:beta0:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.3.0:rc0:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.4.0:-:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.4.0:beta0:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.4.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.5.0:-:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.5.0:rc0:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.5.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.5.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.5.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.5.0:rc4:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.5.0:rc6:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.6.0:-:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.6.0:rc0:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.7.0:-:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.7.0:rc0:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.7.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.7.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.8.0:-:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.8.0:rc0:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.8.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.9.0:-:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.9.0:rc0:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.9.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.9.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.9.5:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.10.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.11.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.12.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.13.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.13.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.14.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.14.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.15.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.15.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.15.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.15.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.16.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.16.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.16.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.17.0:beta:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.17.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.17.0:rc0:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.17.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.17.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.17.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.17.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.17.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.17.5:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.17.6:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.17.7:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.18.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.18.0:alpha2:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.18.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.19.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.19.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.19.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.20.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.20.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.21.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.21.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.21.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.22.0:beta0:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.22.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.22.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.22.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.23.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.23.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.23.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.23.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.23.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.23.5:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.24.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.24.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.24.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.24.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.24.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.25.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.25.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.25.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.25.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.25.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.26.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.26.1:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "libbson", "vendor": "MongoDB Inc", "versions": [{"lessThan": "1.26.2", "status": "affected", "version": "0", "versionType": "custom"}]}], "datePublic": "2024-07-02T17:05:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">The bson_strfreev function in the MongoDB C driver library may be susceptible to an integer overflow where the function will try to free memory at a negative offset. This may result in memory corruption. This issue affected libbson versions prior to 1.26.2</span><br>"}], "value": "The bson_strfreev function in the MongoDB C driver library may be susceptible to an integer overflow where the function will try to free memory at a negative offset. This may result in memory corruption. This issue affected libbson versions prior to 1.26.2"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-680", "description": "CWE-680: Integer Overflow to Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb", "shortName": "mongodb", "dateUpdated": "2024-07-02T17:14:48.908Z"}, "references": [{"url": "https://jira.mongodb.org/browse/CDRIVER-5622"}], "source": {"discovery": "EXTERNAL"}, "title": "MongoDB C Driver bson_strfreev may be susceptible to integer overflow", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-02T18:54:05.940356Z", "id": "CVE-2024-6381", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-02T18:57:49.237Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://jira.mongodb.org/browse/CDRIVER-5622", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00027.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00012.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T19:34:28.669Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://jira.mongodb.org/browse/CDRIVER-5622", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:41:03.172Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-6381", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-02T18:54:05.940356Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-02T18:57:45.818Z"}}], "cna": {"title": "MongoDB C Driver bson_strfreev may be susceptible to integer overflow", "source": {"discovery": "EXTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:mongodb:libbson:0.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:0.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:0.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:0.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:0.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:0.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:0.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:0.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:0.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:0.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:0.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:0.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:0.8.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:0.98.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.1.0:-:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.1.0:rc0:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.2.0:-:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.2.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.2.0:rc0:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.3.0:-:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.3.0:beta0:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.3.0:rc0:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.4.0:-:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.4.0:beta0:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.4.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.5.0:-:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.5.0:rc0:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.5.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.5.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.5.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.5.0:rc4:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.5.0:rc6:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.6.0:-:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.6.0:rc0:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.7.0:-:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.7.0:rc0:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.7.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.7.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.8.0:-:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.8.0:rc0:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.8.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.9.0:-:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.9.0:rc0:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.9.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.9.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.9.5:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.10.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.11.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.12.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.13.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.13.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.14.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.14.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.15.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.15.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.15.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.15.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.16.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.16.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.16.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.17.0:beta:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.17.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.17.0:rc0:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.17.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.17.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.17.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.17.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.17.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.17.5:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.17.6:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.17.7:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.18.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.18.0:alpha2:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.18.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.19.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.19.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.19.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.20.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.20.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.21.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.21.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.21.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.22.0:beta0:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.22.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.22.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.22.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.23.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.23.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.23.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.23.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.23.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.23.5:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.24.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.24.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.24.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.24.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.24.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.25.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.25.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.25.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.25.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.25.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.26.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:libbson:1.26.1:*:*:*:*:*:*:*"], "vendor": "MongoDB Inc", "product": "libbson", "versions": [{"status": "affected", "version": "0", "lessThan": "1.26.2", "versionType": "custom"}], "defaultStatus": "unaffected"}], "datePublic": "2024-07-02T17:05:00.000Z", "references": [{"url": "https://jira.mongodb.org/browse/CDRIVER-5622"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "The bson_strfreev function in the MongoDB C driver library may be susceptible to an integer overflow where the function will try to free memory at a negative offset. This may result in memory corruption. This issue affected libbson versions prior to 1.26.2", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">The bson_strfreev function in the MongoDB C driver library may be susceptible to an integer overflow where the function will try to free memory at a negative offset. This may result in memory corruption. This issue affected libbson versions prior to 1.26.2</span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-680", "description": "CWE-680: Integer Overflow to Buffer Overflow"}]}], "providerMetadata": {"orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb", "shortName": "mongodb", "dateUpdated": "2024-07-02T17:14:48.908Z"}}}, "cveMetadata": {"cveId": "CVE-2024-6381", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:41:03.172Z", "dateReserved": "2024-06-27T08:03:35.321Z", "assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb", "datePublished": "2024-07-02T17:14:48.908Z", "assignerShortName": "mongodb"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mongodb:libbson:*:*:*:*:*:*:*:*", "matchCriteriaId": "B07D62BC-31EF-487E-9162-AF57FD991C62", "versionEndExcluding": "1.26.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The bson_strfreev function in the MongoDB C driver library may be susceptible to an integer overflow where the function will try to free memory at a negative offset. This may result in memory corruption. This issue affected libbson versions prior to 1.26.2"}, {"lang": "es", "value": "La funci\u00f3n bson_strfreev en la librer\u00eda del controlador MongoDB C puede ser susceptible a un desbordamiento de enteros donde la funci\u00f3n intentar\u00e1 liberar memoria con un desplazamiento negativo. Esto puede provocar da\u00f1os en la memoria. Este problema afect\u00f3 a las versiones de Libbson anteriores a la 1.26.2."}], "id": "CVE-2024-6381", "lastModified": "2025-11-03T20:17:03.300", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 1.4, "source": "cna@mongodb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-02T18:15:03.963", "references": [{"source": "cna@mongodb.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://jira.mongodb.org/browse/CDRIVER-5622"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://jira.mongodb.org/browse/CDRIVER-5622"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00012.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00027.html"}], "sourceIdentifier": "cna@mongodb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-680"}], "source": "cna@mongodb.com", "type": "Secondary"}]}