The MongoDB C Driver's legacy GridFS API accepts malformed file metadata from the database without adequate validation. Crafted documents in a GridFS collection may cause any application that reads th
User-controlled chunkSize metadata from MongoDB lacks appropriate validation allowing malformed GridFS metadata to overflow the bounding container.
An authorized user may trigger crashes or receive the contents of buffer over-reads of Server memory by issuing specially crafted requests that construct malformed BSON in the MongoDB Server. This iss
Stack exhaustion vulnerability in the MongoDB PHP driver can cause application crashes when processing deeply nested BSON documents in unusual circumstances when the source of these BSON documents is
Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 vers
The various bson_append functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum
A compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause a crash in applications using the MongoDB C driver.
The KMIP response parser built into mongo binaries is overly tolerant of certain malformed packets, and may parse them into invalid objects. Later reads of this object can result in read access violat
A mongoc_bulk_operation_t may read invalid memory if large options are passed.
Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server.
This issue affects all MongoDB Server v8.2 versions, all MongoDB Serve
Library MDF (mdflib) v2.1 is vulnerable to a heap-based buffer overread via a crafted mdf4 file is parsed using the ReadData function
An integer overflow vulnerability exists in the OLE Document File Allocation Table Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An
An integer underflow vulnerability exists in the OLE Document DIFAT Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can pr
MongoDB Server may experience an out-of-memory failure while evaluating expressions that produce deeply nested documents. The issue arises in recursive functions because the server does not periodical
In the Linux kernel, the following vulnerability has been resolved:
nfs/localio: must clear res.replen in nfs_local_read_done
Otherwise memory corruption can occur due to NFSv3 LOCALIO reads
leaving
AIL framework contains a path traversal vulnerability in the /objects/item/diff endpoint. The endpoint accepts item identifiers through the s1 and s2 query parameters and, prior to the fix, attempted
A weakness has been identified in Dromara Sa-Token up to 1.44.0. This affects the function ObjectInputStream.readObject of the file SaJdkSerializer.java. Executing manipulation can lead to deserializa
A vulnerability classified as problematic has been found in HDF5 up to 1.14.6. This affects the function H5FS__sinfo_Srialize_Sct_cb of the file src/H5FScache.c. The manipulation of the argument sect
The bson_validate function may return early on specific inputs and incorrectly report success. This behavior could result in skipping validation for BSON data, allowing malformed or invalid UTF-8 sequ
RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 to 1.0.0-alpha.77, a malformed gRPC GetMetrics request causes get_metrics to unwrap() failed deserialization of
Page 1+ Next →