admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-01 03:01:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-215xx/CVE-2024-21506.json
cad-safe-bot 830b9e33e5 Auto-Update: 2024-04-08T20:00:37.968462+00:00
2024-04-08 20:03:27 +00:00

67 lines
2.4 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-21506",
"sourceIdentifier": "report@snyk.io",
"published": "2024-04-06T05:15:07.210",
"lastModified": "2024-04-08T18:49:25.863",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Versions of the package pymongo before 4.6.3 are vulnerable to Out-of-bounds Read in the bson module. Using the crafted payload the attacker could force the parser to deserialize unmanaged memory. The parser tries to interpret bytes next to buffer and throws an exception with string. If the following bytes are not printable UTF-8 the parser throws an exception with a single byte."
},
{
"lang": "es",
"value": "Las versiones del paquete pymongo anteriores a la 4.6.3 son vulnerables a la lectura fuera de los l\u00edmites en el m\u00f3dulo bson. Mediante un payload manipulado, el atacante podr\u00eda obligar al analizador a deserializar la memoria no administrada. El analizador intenta interpretar los bytes junto al b\u00fafer y genera una excepci\u00f3n con una cadena. Si los siguientes bytes no se pueden imprimir en UTF-8, el analizador genera una excepci\u00f3n con un solo byte."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "report@snyk.io",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.0,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "report@snyk.io",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://gist.github.com/keltecc/62a7c2bf74a997d0a7b48a0ff3853a03",
"source": "report@snyk.io"
},
{
"url": "https://github.com/mongodb/mongo-python-driver/commit/56b6b6dbc267d365d97c037082369dabf37405d2",
"source": "report@snyk.io"
},
{
"url": "https://security.snyk.io/vuln/SNYK-PYTHON-PYMONGO-6370597",
"source": "report@snyk.io"
}
]
}
Reference in New Issue View Git Blame Copy Permalink