6
CVE-2026-9100
- EPSS 0.28%
- Veröffentlicht 20.05.2026 15:55:13
- Zuletzt bearbeitet 20.05.2026 17:32:35
- Quelle cna@mongodb.com
- CVE-Watchlists
- Unerledigt
Heap memory out of bounds read and crash in C Driver legacy GridFS file reader
The MongoDB C Driver's legacy GridFS API accepts malformed file metadata from the database without adequate validation. Crafted documents in a GridFS collection may cause any application that reads those files via the legacy API to either crash (via a division-by-zero) or silently leak process memory contents (via an out-of-bounds read).
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerMongoDB, Inc.
≫
Produkt
C Driver
Default Statusunaffected
Version
1.0
Version <
1.30.8
Status
affected
Version
2.0
Version <
2.2.4
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.28% | 0.196 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cna@mongodb.com | 6 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| cna@mongodb.com | 5.9 | 1.6 | 4.2 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H
|
CWE-1285 Improper Validation of Specified Index, Position, or Offset in Input
The product receives input that is expected to specify an index, position, or offset into an indexable resource such as a buffer or file, but it does not validate or incorrectly validates that the specified index/position/offset has the required properties.
https://jira.mongodb.org/browse/CDRIVER-6281