From 000d72deda6436b460d68bc4c0b8559a00becc1a Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 3 Jul 2024 22:00:38 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2023/42xxx/CVE-2023-42282.json | 5 +++
 2024/6xxx/CVE-2024-6383.json | 79 ++++++++++++++++++++++++++++++++--
 2024/6xxx/CVE-2024-6499.json | 18 ++++++++
 3 files changed, 98 insertions(+), 4 deletions(-)
 create mode 100644 2024/6xxx/CVE-2024-6499.json
diff --git a/2023/42xxx/CVE-2023-42282.json b/2023/42xxx/CVE-2023-42282.json
index c7f49c408a4..09bce3d4467 100644
--- a/2023/42xxx/CVE-2023-42282.json
+++ b/2023/42xxx/CVE-2023-42282.json
@@ -71,6 +71,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20240315-0008/",
 "url": "https://security.netapp.com/advisory/ntap-20240315-0008/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.bleepingcomputer.com/news/security/dev-rejects-cve-severity-makes-his-github-repo-read-only/",
+ "url": "https://www.bleepingcomputer.com/news/security/dev-rejects-cve-severity-makes-his-github-repo-read-only/"
 }
 ]
 }
diff --git a/2024/6xxx/CVE-2024-6383.json b/2024/6xxx/CVE-2024-6383.json
index 4e79b4617f8..ddb09db0384 100644
--- a/2024/6xxx/CVE-2024-6383.json
+++ b/2024/6xxx/CVE-2024-6383.json
@@ -1,17 +1,88 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-6383",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@mongodb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The bson_string_append function in MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small of buffer and may lead to memory corruption of neighbouring heap memory. This issue affects libbson versions prior to 1.27.1"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-122: Heap-based Buffer Overflow",
+ "cweId": "CWE-122"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "MongoDB Inc",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "libbson",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "1.27.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jira.mongodb.org/browse/CDRIVER-5628",
+ "refsource": "MISC",
+ "name": "https://jira.mongodb.org/browse/CDRIVER-5628"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/6xxx/CVE-2024-6499.json b/2024/6xxx/CVE-2024-6499.json
new file mode 100644
index 00000000000..ece0ab4cf43
--- /dev/null
+++ b/2024/6xxx/CVE-2024-6499.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-6499",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
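Review bot: In the CVE-2024-6383.json hunk, the added `impact.cvss` entry carries `"availabilityImpact": "NONE"` and `"integrityImpact": "LOW"`, which sits oddly beside the added `CWE-122: Heap-based Buffer Overflow` problem type and a description that speaks of memory corruption of neighbouring heap memory. Heap corruption in a library usually at least risks a crash of the process using it, so the availability rating looks like something to raise with the assigning CNA rather than to change in a synchronized copy. Anyone triaging on `"baseScore": 5.3` alone should instead decide exposure from the affected range, which the record gives as libbson `<` `1.27.1`. The only reference is the CDRIVER-5628 tracker entry; a link to the fixing release or commit would let consumers confirm the fix independently.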