CVE-2017-14227 - Out-of-bounds Read vulnerability in MongoDB 1.7.0
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: NONE
- Integrity impact: NONE
- Availability impact: HIGH
Summary
In MongoDB libbson 1.7.0, the bson_iter_codewscope function in bson-iter.c miscalculates a bson_utf8_validate length argument, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the bson_utf8_validate function in bson-utf8.c), as demonstrated by bson-to-json.c.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Overread Buffers: An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
Nessus
- NASL family: Fedora Local Security Checks
  - NASL id: FEDORA_2017-A4CF96BCCA.NASL
  - description: This release fixes a crash when parsing an empty code string of a codewscope type. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  - last seen: 2020-06-05
  - modified: 2017-09-28
  - plugin id: 103521
  - published: 2017-09-28
  - reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/103521
  - title: Fedora 26 : libbson (2017-a4cf96bcca)
- NASL family: FreeBSD Local Security Checks
  - NASL id: FREEBSD_PKG_10214BDA09024E3BA2F99A68EF206A73.NASL
  - description: mongodb developers report : In MongoDB libbson 1.7.0, the bson_iter_codewscope function in bson-iter.c miscalculates a bson_utf8_validate length argument, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the bson_utf8_validate function in bson-utf8.c), as demonstrated by bson-to-json.c.
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 103474
  - published: 2017-09-27
  - reporter: This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/103474
  - title: FreeBSD : libbson -- Denial of Service (10214bda-0902-4e3b-a2f9-9a68ef206a73)
- NASL family: Fedora Local Security Checks
  - NASL id: FEDORA_2017-7EDC2EA787.NASL
  - description: This release fixes a crash when parsing an empty code string of a codewscope type. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  - last seen: 2020-06-05
  - modified: 2017-09-29
  - plugin id: 103547
  - published: 2017-09-29
  - reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/103547
  - title: Fedora 25 : libbson (2017-7edc2ea787)
- NASL family: Fedora Local Security Checks
  - NASL id: FEDORA_2017-1953158D1F.NASL
  - description: This release fixes a crash when parsing an empty code string of a codewscope type. It also makes functions for checking library version available for C++ programs. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  - last seen: 2020-06-05
  - modified: 2018-01-15
  - plugin id: 105825
  - published: 2018-01-15
  - reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/105825
  - title: Fedora 27 : libbson (2017-1953158d1f)
References
- http://www.securityfocus.com/bid/100825
- https://bugzilla.redhat.com/show_bug.cgi?id=1489355
- https://bugzilla.redhat.com/show_bug.cgi?id=1489356
- https://bugzilla.redhat.com/show_bug.cgi?id=1489362