The bson_strfreev function in the MongoDB C driver library may be susceptible to an integer overflow where the function will try to free memory at a negative offset. This may result in memory corruption. This issue affected libbson versions prior to 1.26.2
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| MongoDB Inc | libbson | unaffected |
|
No data.
No data.
Advisories
| Source | ID | Title |
|---|---|---|
 Debian DLA |
DLA-4160-1 | libbson-xs-perl security update |
| Debian DLA |
DLA-4175-1 | mongo-c-driver security update |
 EUVD |
EUVD-2024-47488 | The bson_strfreev function in the MongoDB C driver library may be susceptible to an integer overflow where the function will try to free memory at a negative offset. This may result in memory corruption. This issue affected libbson versions prior to 1.26.2 |
 Ubuntu USN |
USN-7613-1 | mongo-c-driver vulnerabilities |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Mon, 03 Nov 2025 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Thu, 02 Oct 2025 14:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:2.3:a:mongodb:libbson:*:*:*:*:*:*:*:* |
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: mongodb
Published:
Updated: 2025-11-03T19:34:28.669Z
Reserved: 2024-06-27T08:03:35.321Z
Link: CVE-2024-6381
Vulnrichment
Updated: 2024-08-01T21:41:03.172Z
NVD
Status : Modified
Published: 2024-07-02T18:15:03.963
Modified: 2025-11-03T20:17:03.300
Link: CVE-2024-6381
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses