MongoDB C Driver
cpe:2.3:a:mongodb:c_driver:*:*:*:*:mongodb:*:*
A vulnerability exists in the MongoDB C Driver's legacy GridFS API, where malformed file metadata is accepted from the database without proper validation. This flaw can lead to two potential issues: applications reading these files via the legacy API may crash due to a division-by-zero error, or they may unintentionally expose process memory contents through an out-of-bounds read.
Exploitation of this vulnerability can cause applications to crash or lead to unauthorized memory access, allowing for potential information disclosure.
To reproduce this vulnerability, create a document in a GridFS collection that includes malformed metadata. Then, use the legacy GridFS API to read the file. The application will either crash due to a division-by-zero error or will leak process memory contents by reading out-of-bounds.
Users can upgrade to MongoDB C Driver versions 1.30.8 or 2.2.4, where this vulnerability has been fixed.
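The description above says file metadata was accepted from the database without validation. The following added example (not code from the MongoDB C Driver or from this advisory) shows the kind of check an application can run on a GridFS file document before doing arithmetic with it. The advisory does not name the malformed fields; the choice of the `length` and `chunkSize` fields from the GridFS file document, and the struct, enum and function names, are assumptions of this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical mirror of the size fields of a GridFS files-collection
 * document; this is not a libmongoc type. */
typedef struct {
    int64_t length;      /* "length": total file size in bytes */
    int32_t chunk_size;  /* "chunkSize": bytes per chunk */
} gridfs_file_meta;

typedef enum {
    META_OK = 0,
    META_BAD_CHUNK_SIZE,  /* zero or negative: dividing by it would fault */
    META_BAD_LENGTH,      /* negative length */
    META_CHUNK_MISMATCH   /* stored chunks do not match what length implies */
} meta_status;

/* Chunks needed for `length` bytes. Caller guarantees chunk_size > 0 and
 * length >= 0. Avoids length + chunk_size - 1, which can overflow. */
static int64_t expected_chunks(int64_t length, int32_t chunk_size)
{
    return length / chunk_size + (length % chunk_size != 0);
}

/* Validate metadata read from the database before any division or buffer
 * indexing uses it. `stored_chunks` is the number of chunk documents
 * actually present for the file (assumed to come from a count query). */
meta_status validate_gridfs_meta(const gridfs_file_meta *m, int64_t stored_chunks)
{
    if (m->chunk_size <= 0) return META_BAD_CHUNK_SIZE;
    if (m->length < 0) return META_BAD_LENGTH;
    if (stored_chunks != expected_chunks(m->length, m->chunk_size))
        return META_CHUNK_MISMATCH;
    return META_OK;
}

int main(void)
{
    /* Constructed sample records, not taken from a real database. */
    const gridfs_file_meta samples[] = {
        { 600000, 261120 }, { 1024, 0 }, { -5, 261120 }, { 600000, 261120 }
    };
    const int64_t stored[] = { 3, 1, 1, 1 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("sample %zu -> status %d\n", i,
               (int)validate_gridfs_meta(&samples[i], stored[i]));
    return 0;
}
```

A check like this is defence in depth for application code that reads GridFS metadata; it does not replace upgrading to 1.30.8 or 2.2.4.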