BSON::XS Buffer Over-Read, Infinite Loop, Memory Corruption, and Buffer Overflow Vulnerabilities
Vulnerability
Several vulnerabilities have been identified in BSON::XS for Perl, versions through 0.8.4, which bundle libbson 1.1.7, a release known to have multiple security issues. These vulnerabilities arise from improper handling of BSON data and lead to heap-based buffer over-reads, infinite loops, integer overflows, and buffer overflows that can corrupt memory. Such issues can cause denial-of-service conditions or application crashes. Additionally, BSON::XS reached its end of life on August 13, 2020, and is no longer supported.
Impact
Exploitation of these vulnerabilities can lead to heap-based buffer over-reads, causing memory corruption, infinite loops, and application crashes. The buffer overflows, in particular, can result in segmentation faults and potential exploitation.
Remediation
Users are advised to upgrade to libbson-xs-perl version 0.8.4-1+deb11u1.
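As an added example (not part of the advisory), the following POSIX shell script checks whether a Debian 11 host still carries an affected libbson-xs-perl package by comparing the installed version against the fixed version named above; it assumes dpkg is present for the package query, and the function names (version_ge, bson_xs_is_fixed, check_host) are this example's own.

```shell
#!/bin/sh
# Added example, not from the advisory: verify that libbson-xs-perl on a
# Debian 11 host is at or above the fixed version the advisory names.
FIXED_VERSION="0.8.4-1+deb11u1"   # from the advisory's remediation
PKG="libbson-xs-perl"             # Debian package name from the advisory

# version_ge A B: succeed if Debian version A >= B.
# Uses dpkg's own comparison when available; otherwise falls back to
# GNU sort -V, which orders these version strings the same way
# (a bare "0.8.4" or "0.8.4-1" sorts below "0.8.4-1+deb11u1").
version_ge() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" ge "$2"
    else
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
    fi
}

# bson_xs_is_fixed VERSION: succeed if VERSION is no longer affected.
bson_xs_is_fixed() {
    version_ge "$1" "$FIXED_VERSION"
}

# installed_version: print the installed package version, or nothing
# if the package is absent (dpkg-query is assumed to exist on the host).
installed_version() {
    dpkg-query -W -f='${Version}' "$PKG" 2>/dev/null
}

# check_host: report the host's status; exit status 1 means affected.
check_host() {
    v=$(installed_version)
    if [ -z "$v" ]; then
        echo "$PKG is not installed: not affected"
        return 0
    fi
    if bson_xs_is_fixed "$v"; then
        echo "$PKG $v: fixed version present"
        return 0
    fi
    echo "$PKG $v: AFFECTED, upgrade to $FIXED_VERSION"
    return 1
}
```

Run `check_host` as the script's last line on the host being audited; its non-zero exit status makes it usable from a configuration-management or fleet-scanning job.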
