
CVE-2024-5629: PyMongo Out-of-bounds Read in the bson module

CVSS Score (v3.1): 4.7

Basic Information

EPSS Score: 0.21759%
Published: 6/5/2024
Updated: 6/18/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:L

Package Name: pymongo
Ecosystem: pip
Vulnerable Versions: < 4.6.3
First Patched Version: 4.6.3

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The provided commit directly patches the get_value function in bson/_cbsonmodule.c. The changes add stricter and more comprehensive size checks for code_size and scope_size when parsing BSON elements of type _BINARY_JAVASCRIPT_WITH_SCOPE. The vulnerability description states that a crafted payload could force the parser to deserialize unmanaged memory through an out-of-bounds read. The patch addresses this by ensuring that the declared sizes of the JavaScript code and its scope document, together with the surrounding metadata, do not exceed the available buffer (max) and are internally consistent with each other (for example, the len < code_size and len < scope_size checks, which catch declared sizes that overflow the enclosing element). Because get_value is where this parsing and validation takes place, it is the direct site of the vulnerability.
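To make the class of checks described above concrete, here is an added example (not pymongo's code; the real fix lives in the C module) that parses one BSON "JavaScript code with scope" value in Python and rejects any payload whose declared sizes are inconsistent with each other or with the bytes actually available. The element layout and the InvalidBSON name are assumptions taken from the BSON specification and pymongo's public exception naming; the sample values are constructed here.

```python
import struct

class InvalidBSON(ValueError):
    """Raised when a declared size disagrees with the buffer or with an enclosing size."""

BSON_MIN_DOC_SIZE = 5  # int32 length + trailing 0x00 of an empty document

def parse_code_w_scope(buf: bytes, pos: int = 0):
    """Parse a BSON code_w_scope value (type 0x0F) starting at buf[pos].

    Layout: int32 total | int32 code_len | code bytes + 0x00 | scope document.
    Every declared length is validated against the bytes available and against the
    enclosing declared length before it is used, so a crafted total/code_len/scope
    size cannot steer the parser past the end of the buffer.
    Returns (code, scope_document_bytes, next_position).
    """
    avail = len(buf) - pos
    if avail < 8:                                  # need total and code_len
        raise InvalidBSON("truncated code_w_scope header")
    total, code_size = struct.unpack_from("<ii", buf, pos)
    # total must at least cover both int32s, a NUL for the code and an empty document
    if total < 8 + 1 + BSON_MIN_DOC_SIZE or total > avail:
        raise InvalidBSON("code_w_scope total size out of range")
    end = pos + total
    if code_size < 1 or code_size > total - 8 - BSON_MIN_DOC_SIZE:
        raise InvalidBSON("code length inconsistent with enclosing size")
    code_start, code_end = pos + 8, pos + 8 + code_size
    if buf[code_end - 1] != 0:
        raise InvalidBSON("code string is not NUL-terminated")
    code = buf[code_start:code_end - 1].decode("utf-8")
    scope_start = code_end
    (scope_size,) = struct.unpack_from("<i", buf, scope_start)  # >= 5 bytes remain here
    if scope_size < BSON_MIN_DOC_SIZE or scope_start + scope_size != end:
        raise InvalidBSON("scope size does not match enclosing size")
    if buf[end - 1] != 0:
        raise InvalidBSON("scope document is not terminated")
    return code, bytes(buf[scope_start:end]), end

def encode_code_w_scope(code: str, scope_doc: bytes) -> bytes:
    """Build a well-formed code_w_scope value (used to construct sample input)."""
    c = code.encode("utf-8") + b"\x00"
    body = struct.pack("<i", len(c)) + c + scope_doc
    return struct.pack("<i", 4 + len(body)) + body

EMPTY_SCOPE = b"\x05\x00\x00\x00\x00"            # constructed: empty BSON document

def sample_value() -> bytes:
    return encode_code_w_scope("return x", EMPTY_SCOPE)

def rejects(buf: bytes) -> bool:
    """True if the parser refuses buf with InvalidBSON instead of reading it."""
    try:
        parse_code_w_scope(buf)
        return False
    except InvalidBSON:
        return True
```

Flipping any one declared size in the sample (the total, the code length, or the scope size) or truncating the buffer is enough to trigger a rejection, which is exactly the behaviour the patched get_value enforces in C.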

Vulnerable functions

Only Miggo users can see this section

WAF Protection Rules

WAF Rule

Versions of the package pymongo before 4.6.3 are vulnerable to Out-of-bounds Read in the bson module. Using the crafted payload the attacker could force the parser to deserialize unmanaged memory. The parser tries to interpret bytes next to buffer an
