PublicDateAtUSN: 2020-04-24 01:15:00 UTC
Candidate: CVE-2020-12135
PublicDate: 2020-04-24 01:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12135
 https://github.com/10gen-archive/mongo-c-driver-legacy/commit/1a1f5e26a4309480d88598913f9eebf9e9cba8ca#diff-f7d29a680148f52d6601f59ed787f577
 https://launchpadlibrarian.net/474887364/bson-fix-overflow.patch
 https://ubuntu.com/security/notices/USN-4450-1
Description:
 bson before 0.8 incorrectly uses int rather than size_t for many
 variables, parameters, and return values. In particular, the
 bson_ensure_space() parameter bytesNeeded could have an integer overflow
 via properly constructed bson input.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=958998
 https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1872560
Priority: medium
Discovered-by: Seong-Joong Kim
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [5.5 MEDIUM]

Patches_duo-unix:
upstream_duo-unix: needs-triage
precise/esm_duo-unix: DNE
trusty_duo-unix: ignored (out of standard support)
trusty/esm_duo-unix: DNE
xenial_duo-unix: ignored (end of standard support, was needs-triage)
bionic_duo-unix: needs-triage
eoan_duo-unix: ignored (reached end-of-life)
focal_duo-unix: needs-triage
groovy_duo-unix: ignored (reached end-of-life)
hirsute_duo-unix: ignored (reached end-of-life)
impish_duo-unix: needs-triage
jammy_duo-unix: needs-triage
devel_duo-unix: needs-triage

Patches_whoopsie:
upstream_whoopsie: needs-triage
precise/esm_whoopsie: DNE
trusty_whoopsie: ignored (out of standard support)
trusty/esm_whoopsie: DNE
xenial_whoopsie: released (0.2.52.5ubuntu0.5)
esm-infra/xenial_whoopsie: released (0.2.52.5ubuntu0.5)
bionic_whoopsie: released (0.2.62ubuntu0.5)
eoan_whoopsie: ignored (reached end-of-life)
focal_whoopsie: released (0.2.69ubuntu0.1)
groovy_whoopsie: released (0.2.71)
hirsute_whoopsie: released (0.2.71)
impish_whoopsie: released (0.2.71)
jammy_whoopsie: released (0.2.71)
devel_whoopsie: released (0.2.71)
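The Description above names the bug class (int where size_t belongs, so a length taken from the document can wrap or go negative in a buffer-grow check) but not the shape of the code. The following is an added illustration, written for this entry and not taken from mongo-c-driver-legacy, the Launchpad patch, or whoopsie: a minimal growable buffer with an int-based space check next to a size_t-based one whose addition is guarded before it happens, plus a BSON int32 length reader that rejects negative or over-long values. The struct layout, the function names ensure_space_int / ensure_space_safe / read_bson_len, and the 0xFFFFFFF0 length field are all assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

/* Minimal growable buffer in the style of a bson object (data pointer,
 * allocated size, write position). Illustrative only; names and layout are
 * assumptions, not the driver's definitions. */
typedef struct {
    char *data;
    size_t size; /* allocated bytes */
    size_t pos;  /* bytes written so far */
} buf_t;

/* Vulnerable pattern: every size is an int and the caller passes a length
 * read straight from the input document. pos + bytes_needed is evaluated in
 * signed arithmetic, so a negative bytes_needed makes the sum small and the
 * check passes although no allocation could satisfy the request. (A large
 * positive bytes_needed would instead overflow the signed addition, which
 * is undefined behaviour in C, so this check cannot be made reliable.) */
static int ensure_space_int(buf_t *b, int bytes_needed) {
    int pos = (int)b->pos;
    int size = (int)b->size;
    if (pos + bytes_needed <= size)
        return 1; /* "enough room": the caller proceeds to memcpy() */
    int new_size = pos + bytes_needed;
    char *p = realloc(b->data, (size_t)new_size);
    if (p == NULL)
        return 0;
    b->data = p;
    b->size = (size_t)new_size;
    return 1;
}

/* Hardened pattern: size_t throughout, with the addition checked for
 * wrap-around before it is performed. */
static bool ensure_space_safe(buf_t *b, size_t bytes_needed) {
    if (bytes_needed > SIZE_MAX - b->pos)
        return false; /* pos + bytes_needed would wrap */
    size_t required = b->pos + bytes_needed;
    if (required <= b->size)
        return true;
    size_t new_size = b->size ? b->size : 64;
    while (new_size < required) {
        if (new_size > SIZE_MAX / 2) { new_size = required; break; }
        new_size *= 2;
    }
    char *p = realloc(b->data, new_size);
    if (p == NULL)
        return false;
    b->data = p;
    b->size = new_size;
    return true;
}

/* BSON lengths are little-endian int32. Convert one to size_t only after
 * rejecting values that are negative as int32 or exceed the bytes that
 * follow the length field. */
static bool read_bson_len(const uint8_t *p, size_t remaining, size_t *out) {
    if (remaining < 4)
        return false;
    uint32_t u = (uint32_t)p[0] | (uint32_t)p[1] << 8 |
                 (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    if (u > (uint32_t)INT32_MAX || u > remaining - 4)
        return false;
    *out = (size_t)u;
    return true;
}

/* Constructed input (assumption, not a real capture): a length field of
 * 0xFFFFFFF0, which int-based code reads as int32 -16. */
static const uint8_t kBadLength[4] = {0xF0, 0xFF, 0xFF, 0xFF};

/* Returns 1 if the int-based check accepts the bogus length. */
int vulnerable_accepts_bad_length(void) {
    buf_t b = { .data = malloc(64), .size = 64, .pos = 16 };
    uint32_t u = (uint32_t)kBadLength[0] | (uint32_t)kBadLength[1] << 8 |
                 (uint32_t)kBadLength[2] << 16 | (uint32_t)kBadLength[3] << 24;
    int ok = ensure_space_int(&b, (int)(int32_t)u); /* -16 */
    /* A real caller would now memcpy() (size_t)-16 bytes into a 64-byte
     * heap block. Deliberately not executed here. */
    free(b.data);
    return ok;
}

/* Returns 1 if both hardened layers reject the same input. */
int hardened_rejects_bad_length(void) {
    buf_t b = { .data = malloc(64), .size = 64, .pos = 16 };
    size_t len;
    bool parsed = read_bson_len(kBadLength, sizeof kBadLength, &len);
    /* Even if a caller skipped read_bson_len and cast -16 to size_t, the
     * guarded addition in ensure_space_safe catches it. */
    bool grown = ensure_space_safe(&b, (size_t)(int32_t)-16);
    free(b.data);
    return (!parsed && !grown) ? 1 : 0;
}

/* Returns the allocation size after a legitimate 100-byte request on a
 * 64-byte buffer with 16 bytes used (doubles once to 128). */
size_t hardened_grows_for_valid_request(void) {
    buf_t b = { .data = malloc(64), .size = 64, .pos = 16 };
    size_t size = ensure_space_safe(&b, 100) ? b.size : 0;
    free(b.data);
    return size;
}
```

The fix shown is the same discipline the upstream commit applies at larger scale: lengths that originate in the document are validated at parse time, sizes are carried as size_t from then on, and every addition that feeds an allocation or a bounds check is tested for wrap-around before it executes, not after.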