VYPR

C Driver

by MongoDB

CVEs (10)

  • CVE-2026-6691 | High | May 6, 2026
    risk 0.51 | cvss 7.8 | epss 0.00

    The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic. This may be triggered by passing untrusted input in the username of a MongoDB URI with…

  • CVE-2026-2303 | Medium | Feb 10, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    The mongo-go-driver repository contains CGo bindings for GSSAPI (Kerberos) authentication on Linux and macOS. The C wrapper implementation contains a heap out-of-bounds read vulnerability due to incorrect assumptions about string termination in the GSSAPI standard. Since GSSAPI…

  • CVE-2026-9100 | Medium | May 20, 2026
    risk 0.38 | cvss 5.9 | epss 0.00

    The MongoDB C Driver's legacy GridFS API accepts malformed file metadata from the database without adequate validation. Crafted documents in a GridFS collection may cause any application that reads those files via the legacy API to either crash (via a division-by-zero) or…

  • CVE-2024-6383 | Medium | Jul 3, 2024
    risk 0.34 | cvss 5.3 | epss 0.01

    The bson_string_append function in MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small a buffer, which may lead to memory corruption of neighbouring heap memory. This issue affects libbson versions prior to 1.27.1.

  • CVE-2026-6231 | Medium | Apr 13, 2026
    risk 0.21 | cvss 4.3 | epss 0.00

    The bson_validate function may return early on specific inputs and incorrectly report success. This behavior could result in skipping validation for BSON data, allowing malformed or invalid UTF-8 sequences to bypass validation and be processed incorrectly. The issue may affect…

  • CVE-2026-4359 | Low | Mar 17, 2026
    risk 0.06 | cvss 2.0 | epss 0.00

    A compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause a crash in applications using the MongoDB C driver.

  • CVE-2025-12119 | Nov 18, 2025
    risk 0.00 | cvss (none listed) | epss 0.00

    A mongoc_bulk_operation_t may read invalid memory if large options are passed.

  • CVE-2024-7553 | Aug 7, 2024
    risk 0.00 | cvss (none listed) | epss 0.00

    Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating system is Windows. This may result in the application executing arbitrary behaviour determined by the contents of untrusted files. This issue…

  • CVE-2023-0437 | Jan 12, 2024
    risk 0.00 | cvss (none listed) | epss 0.01

    When calling bson_utf8_validate on some inputs, a loop with an exit condition that cannot be reached may occur, i.e. an infinite loop. This issue affects all MongoDB C Driver versions prior to version 1.25.0.

  • CVE-2018-16790 | High | Sep 10, 2018
    risk 0.00 | cvss 8.1 | epss 0.02

    _bson_iter_next_internal in bson-iter.c in libbson 1.12.0, as used in MongoDB mongo-c-driver and other products, has a heap-based buffer over-read via a crafted bson buffer.