漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Heap Out-of-Bounds Read in Go Driver GSSAPI C Wrappers enables application crash or information leak
Vulnerability Description
The mongo-go-driver repository contains CGo bindings for GSSAPI (Kerberos) authentication on Linux and macOS. The C wrapper implementation contains a heap out-of-bounds read vulnerability due to incorrect assumptions about string termination in the GSSAPI standard. Since GSSAPI buffers are not guaranteed to be null-terminated or have extra padding, this results in reading one byte past the allocated heap buffer.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Vulnerability Type
宽松定义的白名单
Vulnerability Title
MongoDB Go Driver 安全漏洞
Vulnerability Description
MongoDB Go Driver是MongoDB开源的一个Go语言库。 MongoDB Go Driver存在安全漏洞,该漏洞源于C包装器实现中对GSSAPI标准字符串终止的假设不正确,可能导致堆越界读取。
CVSS Information
N/A
Vulnerability Type
N/A