MongoDB C Driver Memory Corruption Vulnerability in Bulk Operation Handling

Vulnerability

A vulnerability exists in the MongoDB C Driver's bulk operation functionality, specifically within the `mongoc_bulk_operation_t` component. This issue can lead to reading invalid memory when large options are provided. The vulnerability is present in versions of the MongoDB C Driver prior to 1.30.6 and in the 2.x series prior to 2.1.2.

Impact

Exploitation of this vulnerability can cause memory corruption by allowing the bulk operation to read invalid memory locations, potentially leading to undefined behavior or application crashes.

Remediation

Users can upgrade to MongoDB C Driver version 1.30.6 or 2.1.2, both of which address this vulnerability. Instructions for downloading these versions are available on the MongoDB C Driver GitHub release pages.
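To triage an inventory against the ranges stated above, the following added example (not code from the MongoDB C Driver project) classifies a driver version string as affected or not. The function name, the enum and the sample strings are constructed for illustration; in a program linked against the driver, the string could come from `mongoc_get_version()`.

```c
#include <stdio.h>
#include <stdlib.h>

enum verdict { V_UNPARSEABLE = -1, V_NOT_AFFECTED = 0, V_AFFECTED = 1 };

/* Classify a "major.minor.micro[-pre|+build]" driver version string against
 * the advisory's ranges: affected if prior to 1.30.6, or 2.x prior to 2.1.2. */
enum verdict classify_mongoc_version(const char *s)
{
    static const long fix_1x[3] = {1, 30, 6}, fix_2x[3] = {2, 1, 2};
    const long *fix;
    long v[3];
    char *end;
    int i, prerelease;

    if (!s) return V_UNPARSEABLE;
    for (i = 0; i < 3; i++) {
        if (*s < '0' || *s > '9') return V_UNPARSEABLE;
        v[i] = strtol(s, &end, 10);
        if (v[i] > 100000) return V_UNPARSEABLE;   /* overflow or nonsense */
        s = end;
        if (i < 2 && *s++ != '.') return V_UNPARSEABLE;
    }
    if (*s != '\0' && *s != '-' && *s != '+') return V_UNPARSEABLE;
    prerelease = (*s == '-');

    if (v[0] == 0) return V_AFFECTED;        /* anything before 1.30.6 */
    if (v[0] >= 3) return V_NOT_AFFECTED;    /* not listed on the page */
    fix = (v[0] == 1) ? fix_1x : fix_2x;
    /* Numeric, field-by-field comparison: 1.9.5 is older than 1.30.6. */
    for (i = 0; i < 3; i++)
        if (v[i] != fix[i]) return v[i] < fix[i] ? V_AFFECTED : V_NOT_AFFECTED;
    /* Assumption: a pre-release of the fixed version sorts before it. */
    return prerelease ? V_AFFECTED : V_NOT_AFFECTED;
}

int main(void)
{
    /* Constructed sample inputs, e.g. pulled from an inventory or SBOM. */
    const char *samples[] = {"1.30.5", "1.30.6", "1.9.5", "2.0.0",
                             "2.1.1", "2.1.2", "2.1.2-pre", "n/a"};
    static const char *label[] = {"unparseable", "not affected", "AFFECTED"};
    size_t i;
    for (i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-10s %s\n", samples[i],
               label[classify_mongoc_version(samples[i]) + 1]);
    return 0;
}
```

Strings that do not parse are reported separately so that they get checked by hand.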

Added: Nov 18, 2025, 10:19 PM
Updated: Nov 18, 2025, 10:19 PM

Vulnerability Rating

Custom Algorithm
spread: 5.4
impact: 0.0
exploitability: 4.7
remediation: 7.7
relevance: 1.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.