CVE-2020-12135

Published: 24/04/2020 Updated: 12/08/2020
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

bson prior to 0.8 incorrectly uses int rather than size_t for many variables, parameters, and return values. In particular, the bson_ensure_space() parameter bytesNeeded could have an integer overflow via properly constructed bson input.
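The int-versus-size_t flaw described in the summary, as an added example that is not code from bson, whoopsie or this page: a space check done in 32-bit signed arithmetic beside a size_t form that rejects the overflow first. `buf_t`, `flawed_check_passes` and `ensure_space` are hypothetical names, and the sample sizes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical growable buffer; illustrative names, not bson's own types. */
typedef struct { char *data; size_t used; size_t cap; } buf_t;

/* Flawed pattern: "used + bytesNeeded <= cap" evaluated in 32-bit signed int.
 * The wrap is emulated with uint32_t so this demo has no undefined behaviour.
 * Returns 1 when the check concludes that no growth is needed. */
int flawed_check_passes(uint32_t used, uint32_t cap, uint32_t bytes_needed)
{
    uint32_t wrapped = used + bytes_needed;              /* modulo 2^32 */
    int64_t as_int = wrapped > (uint32_t)INT32_MAX
                   ? (int64_t)wrapped - 4294967296LL     /* value an int would hold */
                   : (int64_t)wrapped;
    return as_int <= (int64_t)cap;
}

/* Hardened form: size_t everywhere, overflow rejected before any addition.
 * Returns 0 on success, -1 on overflow or allocation failure. */
int ensure_space(buf_t *b, size_t bytes_needed)
{
    if (bytes_needed > SIZE_MAX - b->used) return -1;    /* sum would wrap */
    size_t need = b->used + bytes_needed;
    if (need <= b->cap) return 0;
    size_t new_cap = b->cap ? b->cap : 64;
    while (new_cap < need)
        new_cap = (new_cap > SIZE_MAX / 2) ? need : new_cap * 2;
    char *p = realloc(b->data, new_cap);
    if (!p) return -1;
    b->data = p;
    b->cap = new_cap;
    return 0;
}

int main(void)
{
    /* Constructed values: 1024 bytes used of 4096, then an oversized length. */
    printf("flawed check passes: %d\n", flawed_check_passes(1024, 4096, 0x7FFFFFFFu));
    buf_t b = {NULL, 0, 0};
    printf("hardened small: %d\n", ensure_space(&b, 100));
    b.used = 100;
    printf("hardened huge: %d\n", ensure_space(&b, SIZE_MAX - 50));
    free(b.data);
    return 0;
}
```

In the flawed check the wrapped sum is negative, so the comparison against the capacity succeeds and the buffer is never grown before the write.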

Vulnerable Product

whoopsie project whoopsie

mongodb c driver

Vendor Advisories

Debian Bug report logs - #958998: CVE-2020-12135 in embedded bson
Package: src:duo-unix
Maintainer for src:duo-unix is Kees Cook <kees@debian.org>
Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Mon, 27 Apr 2020 21:12:01 UTC
Severity: normal
Tags: security, upstream

Github Repositories

Vulnerability in apport daemon (aka whoopsie)

An integer overflow in whoopsie 0.2.69 results in an out-of-bounds write to a heap allocated buffer when 'bytesNeeded' exceeds max of uint32. An exploit could allow the attacker to cause a denial of service (segmentation fault and crash).

Basic

When a program has been crashed, Linux system tries to create a ‘c