Search CVE reports
1 – 6 of 6 results
BSON::XS versions 0.8.4 and earlier for Perl includes a bundled libbson 1.1.7, which has several vulnerabilities. Those include CVE-2017-14227, CVE-2018-16790, CVE-2023-0437, CVE-2024-6381, CVE-2024-6383, and...
1 affected package
libbson-xs-perl
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libbson-xs-perl | Not in release | Needs evaluation | Needs evaluation | Ignored | — |
Some fixes available 1 of 5
The bson_string_append function in MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small of buffer and may lead to memory corruption of neighbouring heap memory. This issue...
2 affected packages
libbson, mongo-c-driver
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libbson | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| mongo-c-driver | Not affected | Fixed | Ignored | Ignored | — |
Some fixes available 3 of 6
The bson_strfreev function in the MongoDB C driver library may be susceptible to an integer overflow where the function will try to free memory at a negative offset. This may result in memory corruption. This issue affected...
2 affected packages
libbson, mongo-c-driver
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libbson | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| mongo-c-driver | Not affected | Fixed | Fixed | Fixed | — |
Some fixes available 6 of 90
yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of `yajl` contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB)...
12 affected packages
yajl, argyll, ruby-yajl, tulip, burp...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| yajl | Not affected | Not affected | Fixed | Fixed | Fixed |
| argyll | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| ruby-yajl | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| tulip | Needs evaluation | Not in release | Needs evaluation | — | — |
| burp | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| centreon-broker | — | — | — | — | — |
| collada2gltf | Not in release | Not in release | Needs evaluation | — | Ignored |
| icinga2 | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| libbson | — | — | — | — | Ignored |
| lnav | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| php-mongodb | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| r-cran-jsonlite | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
Some fixes available 2 of 3
_bson_iter_next_internal in bson-iter.c in libbson 1.12.0, as used in MongoDB mongo-c-driver and other products, has a heap-based buffer over-read via a crafted bson buffer.
1 affected package
libbson
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libbson | — | — | Not in release | Not in release | Fixed |
Some fixes available 1 of 3
In MongoDB libbson 1.7.0, the bson_iter_codewscope function in bson-iter.c miscalculates a bson_utf8_validate length argument, which allows remote attackers to cause a denial of service (heap-based buffer over-read in...
1 affected package
libbson
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libbson | — | — | Not in release | Not in release | Not affected |