CVE-2024-6381

MEDIUM

MongoDB <1.26.2 - Memory Corruption

Title source: llm

Description

The bson_strfreev function in the MongoDB C driver library may be susceptible to an integer overflow where the function will try to free memory at a negative offset. This may result in memory corruption. This issue affected libbson versions prior to 1.26.2

References (3)

[Mailing List] https://lists.debian.org/debian-lts-announce/2025/05/msg00012.html

[Issue Tracking, Vendor Advisory] https://jira.mongodb.org/browse/CDRIVER-5622

[Mailing List] https://lists.debian.org/debian-lts-announce/2025/05/msg00027.html

Scores

CVSS v3 4.0

EPSS 0.0040

EPSS Percentile 60.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-680

Status published

Products (1)

mongodb/libbson < 1.26.2

Published Jul 02, 2024

Tracked Since Feb 18, 2026