{
   "document": {
      "aggregate_severity": {
         "text": "moderate"
      },
      "category": "csaf_security_advisory",
      "csaf_version": "2.0",
      "distribution": {
         "tlp": {
            "label": "WHITE",
            "url": "https://www.first.org/tlp/"
         }
      },
      "lang": "en",
      "notes": [
         {
            "category": "description",
            "text": "The bson_string_append function in MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small of buffer and may lead to memory corruption of neighbouring heap memory. This issue affects libbson versions prior to 1.27.1",
            "title": "Vulnerability Description"
         }
      ],
      "publisher": {
         "category": "other",
         "contact_details": "gdt@cpan.org",
         "name": "giterlizzi",
         "namespace": "https://github.com/giterlizzi/"
      },
      "references": [
         {
            "category": "self",
            "summary": "CPANSA-BSON-XS-2024-6383-libbson JSON",
            "url": "https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2024/cpansa-bson-xs-2024-6383-libbson.json"
         },
         {
            "category": "external",
            "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-6383",
            "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6383"
         },
         {
            "category": "external",
            "summary": "https://jira.mongodb.org/browse/CDRIVER-5628",
            "url": "https://jira.mongodb.org/browse/CDRIVER-5628"
         },
         {
            "category": "external",
            "summary": "CVE-2024-6383 (NVD)",
            "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6383"
         }
      ],
      "title": "BSON-XS vulnerability",
      "tracking": {
         "current_release_date": "2024-07-03T00:00:00",
         "generator": {
            "engine": {
               "name": "CSAF Perl Toolkit",
               "version": "0.26"
            }
         },
         "id": "CPANSA-BSON-XS-2024-6383-libbson",
         "initial_release_date": "2024-07-03T00:00:00",
         "revision_history": [
            {
               "date": "2024-07-03T00:00:00",
               "number": "1",
               "summary": "First release"
            }
         ],
         "status": "final",
         "version": "1"
      }
   },
   "product_tree": {
      "branches": [
         {
            "branches": [
               {
                  "category": "product_version_range",
                  "name": "vers:cpan/>=0.2.0|<=0.8.4",
                  "product": {
                     "name": "BSON-XS greater than or equal 0.2.0 and less than or equal 0.8.4",
                     "product_id": "CSAFPID-0001"
                  }
               }
            ],
            "category": "product_name",
            "name": "BSON-XS"
         }
      ]
   },
   "vulnerabilities": [
      {
         "cve": "CVE-2024-6383",
         "cwe": {
            "id": "CWE-122",
            "name": "Heap-based Buffer Overflow"
         },
         "notes": [
            {
               "category": "description",
               "text": "The bson_string_append function in MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small of buffer and may lead to memory corruption of neighbouring heap memory. This issue affects libbson versions prior to 1.27.1",
               "title": "Vulnerability Description"
            }
         ],
         "product_status": {
            "known_affected": [
               "CSAFPID-0001"
            ]
         },
         "scores": [
            {
               "cvss_v3": {
                  "baseScore": 5.3,
                  "baseSeverity": "MEDIUM",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                  "version": "3.1"
               },
               "products": [
                  "CSAFPID-0001"
               ]
            }
         ]
      }
   ]
}