CVE-2024-6383 MEDIUM

CVE-2024-6383: MongoDB C Driver bson_string_append may be vulnerable to a buffer overflow

Vendor: MongoDB Inc
Product: libbson
Weakness: CWE-122
Published: July 3, 2024
Last update: November 3, 2025

CVSS base score

5.3/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: None
Integrity: Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01 Description

The bson_string_append function in the MongoDB C Driver may be vulnerable to a buffer overflow: the function might attempt to allocate a buffer that is too small, which may lead to corruption of neighbouring heap memory. This issue affects libbson versions prior to 1.27.1.

Key dates

02 Disclosure timeline

July 3, 2024: CVE published
November 3, 2025: Record updated