{"id":"CVE-2018-16790","details":"_bson_iter_next_internal in bson-iter.c in libbson 1.12.0, as used in MongoDB mongo-c-driver and other products, has a heap-based buffer over-read via a crafted bson buffer.","modified":"2026-04-11T11:39:44.218372Z","published":"2018-09-10T05:29:00.250Z","references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00012.html"},{"type":"REPORT","url":"https://jira.mongodb.org/browse/CDRIVER-2819"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1627923#c3"},{"type":"FIX","url":"https://github.com/mongodb/mongo-c-driver/commit/0d9a4d98bfdf4acd2c0138d4aaeb4e2e0934bd84"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mongodb/mongo-c-driver","events":[{"introduced":"0"},{"last_affected":"a690091bae086f267791bd2227400f2035de99e8"},{"fixed":"0d9a4d98bfdf4acd2c0138d4aaeb4e2e0934bd84"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.12.0"}]}}],"versions":["0.90.0","0.92.0","0.92.2","0.94.0","0.94.2","0.96.0","0.96.4","0.98.0","0.98.2","1.0.0","1.0.2","1.1.0","1.1.0-rc0","1.1.10","1.1.11","1.1.2","1.1.4","1.1.5","1.1.6","1.1.7","1.1.8","1.1.9","1.11.0","1.12.0","1.3.0","1.3.0-rc0","1.4.0-beta1","1.5.0-rc0","1.5.0-rc1","1.5.0-rc2","1.5.0-rc3","1.5.0-rc4","1.6.0","1.6.0-rc0","1.7.0-rc0","1.9.0-rc0","1.9.0-rc1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-16790.json","vanir_signatures_modified":"2026-04-11T11:39:44Z","vanir_signatures":[{"source":"https://github.com/mongodb/mongo-c-driver/commit/0d9a4d98bfdf4acd2c0138d4aaeb4e2e0934bd84","signature_type":"Line","target":{"file":"src/libbson/tests/test-bson.c"},"signature_version":"v1","digest":{"line_hashes":["230572384828147726758798177231607784127","193010568396572323432057629638187778761","308383410363642545101968445688044955292","130065544884910772829299049170521137569"],"threshold":0.9},"id":"CVE-2018-16790-0cbcc3ef","deprecated":false},{"source":"https://github.com/mongodb/mongo-c-driver/commit/0d9a4d98bfdf4acd2c0138d4aaeb4e2e0934bd84","signature_type":"Function","target":{"function":"_bson_iter_next_internal","file":"src/libbson/src/bson/bson-iter.c"},"signature_version":"v1","digest":{"function_hash":"193941486342430174099491069527724778591","length":5661},"id":"CVE-2018-16790-3343d43e","deprecated":false},{"source":"https://github.com/mongodb/mongo-c-driver/commit/0d9a4d98bfdf4acd2c0138d4aaeb4e2e0934bd84","signature_type":"Function","target":{"function":"test_bson_validate","file":"src/libbson/tests/test-bson.c"},"signature_version":"v1","digest":{"function_hash":"5190524972303662446291243879713015595","length":4620},"id":"CVE-2018-16790-48ddd07c","deprecated":false},{"source":"https://github.com/mongodb/mongo-c-driver/commit/0d9a4d98bfdf4acd2c0138d4aaeb4e2e0934bd84","signature_type":"Line","target":{"file":"src/libbson/src/bson/bson-iter.c"},"signature_version":"v1","digest":{"line_hashes":["25158063395939030907992834329443035559","151438777202799389720665076878289151096","76831124799274643912930820928241724466","248988458287290360667449641644212888333"],"threshold":0.9},"id":"CVE-2018-16790-f31c3ccb","deprecated":false}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"}]}