Description
The bson_strfreev function in the MongoDB C driver library may be susceptible to an integer overflow where the function will try to free memory at a negative offset. This may result in memory corruption. This issue affected libbson versions prior to 1.26.2
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| MongoDB Inc | libbson | unaffected |
|
No data.
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 Debian DLA |
DLA-4160-1 | libbson-xs-perl security update |
| Debian DLA |
DLA-4175-1 | mongo-c-driver security update |
 EUVD |
EUVD-2024-47488 | The bson_strfreev function in the MongoDB C driver library may be susceptible to an integer overflow where the function will try to free memory at a negative offset. This may result in memory corruption. This issue affected libbson versions prior to 1.26.2 |
 Ubuntu USN |
USN-7613-1 | mongo-c-driver vulnerabilities |
References
History
Mon, 03 Nov 2025 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Thu, 02 Oct 2025 14:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:2.3:a:mongodb:libbson:*:*:*:*:*:*:*:* |
MITRE
Status: PUBLISHED
Assigner: mongodb
Published:
Updated: 2025-11-03T19:34:28.669Z
Reserved: 2024-06-27T08:03:35.321Z
Link: CVE-2024-6381
Vulnrichment
Updated: 2024-08-01T21:41:03.172Z
NVD
Status : Modified
Published: 2024-07-02T18:15:03.963
Modified: 2025-11-03T20:17:03.300
Link: CVE-2024-6381
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses