3.7

CVE-2026-4359

Heap-buffer-over-read in _mongoc_http_send via strstr on non-null-terminated buffer

A compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause a crash in applications using the MongoDB C driver.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MongodbC Driver SwPlatformmongodb Version < 1.30.8
MongodbC Driver SwPlatformmongodb Version >= 2.2.0 < 2.2.3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.04% 0.112
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.7 2.2 1.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
cna@mongodb.com 2 0 0
CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@mongodb.com 2 0.5 1.4
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L
CWE-158 Improper Neutralization of Null Byte or NUL Character

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes NUL characters or null bytes when they are sent to a downstream component.