{"id":"CVE-2020-12135","details":"bson before 0.8 incorrectly uses int rather than size_t for many variables, parameters, and return values. In particular, the bson_ensure_space() parameter bytesNeeded could have an integer overflow via properly constructed bson input.","modified":"2026-04-11T09:46:17.884391Z","published":"2020-04-24T01:15:11.430Z","references":[{"type":"WEB","url":"https://usn.ubuntu.com/4450-1/"},{"type":"FIX","url":"https://github.com/10gen-archive/mongo-c-driver-legacy/commit/1a1f5e26a4309480d88598913f9eebf9e9cba8ca#diff-f7d29a680148f52d6601f59ed787f577"},{"type":"FIX","url":"https://launchpadlibrarian.net/474887364/bson-fix-overflow.patch"},{"type":"EVIDENCE","url":"https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1872560"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/10gen-archive/mongo-c-driver-legacy","events":[{"introduced":"0"},{"fixed":"41562d5cda9ca79af3d23a7463e5faf4f2a4e20a"},{"fixed":"1a1f5e26a4309480d88598913f9eebf9e9cba8ca"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.8"}]}}],"versions":["v0.1","v0.2","v0.3","v0.3.1","v0.4","v0.5","v0.5.1","v0.5.2","v0.6","v0.7","v0.7.1"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"0.2.69"}]}],"vanir_signatures_modified":"2026-04-11T09:46:17Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-12135.json","vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["3598376030161994374499160745518439155","188175331585084854337657776253058454238","128742861977115401042654135393502985014","123275779325286253793652006825543379482","40826582267018981977787083822451501079"]},"deprecated":false,"source":"https://github.com/10gen-archive/mongo-c-driver-legacy/commit/1a1f5e26a4309480d88598913f9eebf9e9cba8ca","target":{"file":"src/encoding.h"},"signature_version":"v1","signature_type":"Line","id":"CVE-2020-12135-09225cc0"},{"digest":{"threshold":0.9,"line_hashes":["336591053878063977449895111453874789214","234502528947190592992720307528308419077","44422664705097554166850405362313524292","108455919143861906950457805544579291105","55988635256864840873395528034754577536","75698100616493481965256198319042322188","44784689919607431309658664944046253117","293925236163208479159343577853826575061","48910146053087749995988601049271794967","132534352559135223235609425368761952662","8037035907743845151440958716335128216","104672437958863179134008346442911476883","103878534576975538791560360780171956950","316821825084926987115007535949670785688","134822826067594855136343876784807596270","323889146748298730915424429710116324447","338437202638035245350380560667786713","202773124744990524993811594678639200893","103413517504286432789978995654698939543","333840060539905030592266204837636635022","185325938504256747787460578549744605666","175200421387655209884591375373454759262","257689388660128988756468124277399570009","197008132267279721083365788183673146918","87720853633410578495999208785286435508","206702327543639727071698196305483354358","169033254800075677490674709765953451903","263653557206975896908524679169161994346"]},"deprecated":false,"source":"https://github.com/10gen-archive/mongo-c-driver-legacy/commit/1a1f5e26a4309480d88598913f9eebf9e9cba8ca","target":{"file":"src/gridfs.c"},"signature_version":"v1","signature_type":"Line","id":"CVE-2020-12135-2042373c"},{"digest":{"length":389,"function_hash":"270390227834509889898760372380378731851"},"deprecated":false,"source":"https://github.com/10gen-archive/mongo-c-driver-legacy/commit/1a1f5e26a4309480d88598913f9eebf9e9cba8ca","target":{"function":"mongo_pass_digest","file":"src/mongo.c"},"signature_version":"v1","signature_type":"Function","id":"CVE-2020-12135-25967a37"},{"digest":{"threshold":0.9,"line_hashes":["8538192562051996107135665361236164592","171548600575032415922399636436937899711","132737018607488464036385713630147862324","264091552227730777307704326819026632801","40155336893437970174907660847292759348","319198000888425769685190116760559298312","150243267202037969004170398465053088485","326059368991632511889453366463397899177","7890796483704022117710424306230223827","153629248700121360610398092208558523330","229555891115612443789159370398927915941","206244367464583753864908026390972041233","291738544569015633072337338128557906363","143557167910868421695167437059820189674","300449694031464884352436208973644675019","5957252630762384304355657531666487933","220926439709249952663449515156995087847"]},"deprecated":false,"source":"https://github.com/10gen-archive/mongo-c-driver-legacy/commit/1a1f5e26a4309480d88598913f9eebf9e9cba8ca","target":{"file":"src/encoding.c"},"signature_version":"v1","signature_type":"Line","id":"CVE-2020-12135-34848c05"},{"digest":{"threshold":0.9,"line_hashes":["30670129135407048501724347128298068186","207414275786265040729592204135648158391","63390020104550009340250468441527378837","204668336593719554804257542005603084998"]},"deprecated":false,"source":"https://github.com/10gen-archive/mongo-c-driver-legacy/commit/1a1f5e26a4309480d88598913f9eebf9e9cba8ca","target":{"file":"src/bcon.c"},"signature_version":"v1","signature_type":"Line","id":"CVE-2020-12135-34a3be9c"},{"digest":{"threshold":0.9,"line_hashes":["108220082112511021022053686250234182979","40771040368783361170837988182000176570","318236977319155617793074422367352994555","248599592719444990477050483216507848748","292427252508527110083984778749027939154","17224559715514011411357151945442397488","209688870522729378630422819690902656300","175236256325904891768731335085997483915","60018974170371852443143723712853191211","163266284266988098319361577364518994003","267485648231146949664340350584631063972","72148895891327652488084458125416836749","116067843981155760007798976172146853395","98045171365025028755490885943921535155","55528120625556417964425960281152379014","87074026034097280254097171489467187375","273561483529778840894665090466063207376","181953469905682271611186612361385219713","173001143453972279460371242774240335395","20052529468764701327688099170750495037","271231602003178930713712376587855295079","236025023796588804395967964749118715990","250182795565642138390187111909966021650","137135429747592176150330973729669091525","236784019585778801281180424548708327723","187302159248890577004178435483137955647","269117049358166310503197976537297798793","237872093425583776696855916322689884627"]},"deprecated":false,"source":"https://github.com/10gen-archive/mongo-c-driver-legacy/commit/1a1f5e26a4309480d88598913f9eebf9e9cba8ca","target":{"file":"src/bson.h"},"signature_version":"v1","signature_type":"Line","id":"CVE-2020-12135-3e2fd5a6"},{"digest":{"length":339,"function_hash":"327961451734552262886933884859555984020"},"deprecated":false,"source":"https://github.com/10gen-archive/mongo-c-driver-legacy/commit/1a1f5e26a4309480d88598913f9eebf9e9cba8ca","target":{"function":"bson_finish","file":"src/bson.c"},"signature_version":"v1","signature_type":"Function","id":"CVE-2020-12135-462b2393"},{"digest":{"threshold":0.9,"line_hashes":["73402272322500330170359679057961320341","169957687002062295744482631040616272932","1792767329797466353659431845168328026","91131619148119911849886822804182206933","236571120512672438491539284058493734744","171109578866762219459447613761080339349","30746218033914000935686331251568332898","204447409079104039476664373897172706887"]},"deprecated":false,"source":"https://github.com/10gen-archive/mongo-c-driver-legacy/commit/1a1f5e26a4309480d88598913f9eebf9e9cba8ca","target":{"file":"src/gridfs.h"},"signature_version":"v1","signature_type":"Line","id":"CVE-2020-12135-4a32b561"},{"digest":{"length":442,"function_hash":"237304743751324393657928955605132726504"},"deprecated":false,"source":"https://github.com/10gen-archive/mongo-c-driver-legacy/commit/1a1f5e26a4309480d88598913f9eebf9e9cba8ca","target":{"function":"bson_append_string_base","file":"src/bson.c"},"signature_version":"v1","signature_type":"Function","id":"CVE-2020-12135-51a49cdd"},{"digest":{"length":980,"function_hash":"266827202101787547053778596676318259334"},"deprecated":false,"source":"https://github.com/10gen-archive/mongo-c-driver-legacy/commit/1a1f5e26a4309480d88598913f9eebf9e9cba8ca","target":{"function":"mongo_cmd_authenticate","file":"src/mongo.c"},"signature_version":"v1","signature_type":"Function","id":"CVE-2020-12135-55597ab3"},{"digest":{"threshold":0.9,"line_hashes":["159632323427898912896708267826435775918","319802081270888107683734846962130059445","202587265046007546099854942506839489329","236970479031580322992586628453129282128","337027462276670552530715458906405217399","252058464696706748149717582621576413587","325976940916308327867741227671731654470","28739476643964480900444324113397729897","192930549844541768459043560482901573447","206399543149884529194769715049287725640","287041594307876580169629642539521693623","163820117138173794546420044402316076176","185154108874252281316194829109481969241","209618556462617152084595617050111199494","86254564559271840329838854061343438475","146507559009936723040289839159641360896","23918424358579832138044476503779732685","217983846550622988421963635484486155299","272045474242128979808606851262306348452","139976233815720726809689836365119907851","312820265157596308358075949802527746244","245104828526397021004961414994093397196","111536750396880250935267057333319145745","111002613751726889322210325907383709322","224181453533256284045999010928437226324","274244599400265873996940659901567179733","103294722505997289595675714810669434645","88541598264429154911797610868614361807","194430409985649342123081971493783858627","15103693076621011176206117185438604329","295236486597858909967694224633849484882","85324728341824707934696281071183797181","90212671046352105808456499781607595588","11797602686861634668783585941658798601","287577399444003229319605869684889220144","92756548734444510791330104244045969124","117989130278536084817815808562321072765","193779026531800829123853692812182643124","81055769158067756694446746813696236310","244852946686059980489810245219575067125","93976934530758993058358536564554568928","43449914906366465314419497218284803989","126415487612283565492551906742429361990","59736587440565314129427249139761241093","125762291735830949979043882652119086992","28197917042785084161154169365363049392","290244991818705715821436111674856539157","292679023722529804089223688014072938977","74467137773495799083939456421758018394","114676433407996824047196064089943023975","237133775934597641672236288494405796186","46843626989492159491088384121669127230","178865056500381924473559495884992505906","61759313884131913723963761630370221716","273912106400741906291514852261718170856","31223196900389373974633742958548313344","261950972216913562280867612049912599616","105852201296843810572502227839128244025","138619303890214294542168574696653456606","287176826434346362632157972852396502659","87980032438363649053383068529250328686","43528202424120492807668557152586409775","217913028057331960162483499484890566949","266062524019335605886525346801552840053","164339216910059094923814509314905041460","79343160252292949732730166878418835702","256377575580251771092719423309956974063","269370653523045325644486932325069622897","97553212700208594456851854926266585501","278424973187094604104062497269285358262","246805362345703682639847726037138343029","55687498457856405006459903245319231034","140215796927752606810576485807602773541","188818943187253681240647435396523838478","20555283497365896910382079304178509871","247439391687585711494330167768191913637","260411425992340971203547195622823274155","316746250926185331781436919586859107273","16531431073507625325449605753897151497","32468521294331915982603364643212628453","69366960228560744853082420279815325081","113367424888415635774937844489882638786","75945973351635658208007290645249853341","264414329240752894386032490082437418124","125038528126561807743650575935493259296","299587071761424142078236653950581882797","311062604824567778440904954756936630081","173407199169699819822828721160822160897","322782074862252509061728203326903730868","263240296879074758370211837964648061609","150297849505685669145043127680384929312","202433091732445341642698932490719372330","293451028784069764423303004413039314650","322461551070822351444529599534400595843","41582652495791284384634948986846753457","337369840390999071563819421079171133364","249978856166042547124684853760308084088","9037351898396394856261322720528798102","294696540312192030766751845346797762065","205400617386959407621197597344204671248","11391501057710369245084053304108715","312254426408188346825334182259871385472","318521821147990152031732067235507133717","1026669326826787734914828990978650327","91905691512643884410398859679171068580","231426528635684322731566130661891910010","309955414208555151925084569625846630778","31682101484741092814692792835978177843"]},"deprecated":false,"source":"https://github.com/10gen-archive/mongo-c-driver-legacy/commit/1a1f5e26a4309480d88598913f9eebf9e9cba8ca","target":{"file":"src/bson.c"},"signature_version":"v1","signature_type":"Line","id":"CVE-2020-12135-6f43ce3a"},{"digest":{"length":623,"function_hash":"244358658856347886221822738388901414013"},"deprecated":false,"source":"https://github.com/10gen-archive/mongo-c-driver-legacy/commit/1a1f5e26a4309480d88598913f9eebf9e9cba8ca","target":{"function":"bson_append_binary","file":"src/bson.c"},"signature_version":"v1","signature_type":"Function","id":"CVE-2020-12135-9353205c"},{"digest":{"threshold":0.9,"line_hashes":["268807570740004622668556831926281411113","317419178946950055520555600959873635070","47470031436815847649090443335251612058","268448881497214073137798991345525247764","255363163581788599511336757301697615719","251926647532670558925885800113260139317","47185803764611589893598026215169073796","155799298337741079716586038718087162427","313587008621880614887597009108975599340","264305117801616291546412496742337823921","54065573801892141386736472983098487577","90347915791125572348254497752527963770","12069746270514473585228282388680515382","309241479710713610467493130032281255631","305258086103528119469576102931442677591","187824773138389994475443441552272457600","214112811599309174094080964404101357803","264041462720207446136161248202489638367","159919237432372422239274585118856124196","184503268586474767316668948454597114654","35286260965554113343244328311030169872","49118714246100199739743034960438372578","28879300002796582965330567126721526782","313587008621880614887597009108975599340","264305117801616291546412496742337823921","54065573801892141386736472983098487577","90347915791125572348254497752527963770","12069746270514473585228282388680515382","184920151441164203956367158565825784766","56738992451999405949527572971265024922","152848455783564906832895749558981128824","201166260699976924181939206525005426317","95836365725153973525004699486109767680","160192496456669142630106986762771084746","138548797074062851277464771557694539987","35286260965554113343244328311030169872","49118714246100199739743034960438372578","28879300002796582965330567126721526782","313587008621880614887597009108975599340","264305117801616291546412496742337823921","54065573801892141386736472983098487577","90347915791125572348254497752527963770","12069746270514473585228282388680515382","256621928014529735687661100907974395623","102243371366495758419837226296140088994"]},"deprecated":false,"source":"https://github.com/10gen-archive/mongo-c-driver-legacy/commit/1a1f5e26a4309480d88598913f9eebf9e9cba8ca","target":{"file":"src/env.c"},"signature_version":"v1","signature_type":"Line","id":"CVE-2020-12135-93c5d749"},{"digest":{"length":303,"function_hash":"289726486914601067861133528861990659883"},"deprecated":false,"source":"https://github.com/10gen-archive/mongo-c-driver-legacy/commit/1a1f5e26a4309480d88598913f9eebf9e9cba8ca","target":{"function":"mongo_message_create","file":"src/mongo.c"},"signature_version":"v1","signature_type":"Function","id":"CVE-2020-12135-a936efea"},{"digest":{"length":286,"function_hash":"158111264753697519829477323417386590947"},"deprecated":false,"source":"https://github.com/10gen-archive/mongo-c-driver-legacy/commit/1a1f5e26a4309480d88598913f9eebf9e9cba8ca","target":{"function":"bson_append_finish_object","file":"src/bson.c"},"signature_version":"v1","signature_type":"Function","id":"CVE-2020-12135-ab777939"},{"digest":{"length":886,"function_hash":"94209456323227563504544373693406942807"},"deprecated":false,"source":"https://github.com/10gen-archive/mongo-c-driver-legacy/commit/1a1f5e26a4309480d88598913f9eebf9e9cba8ca","target":{"function":"gridfile_get_chunks","file":"src/gridfs.c"},"signature_version":"v1","signature_type":"Function","id":"CVE-2020-12135-bb8b9f16"},{"digest":{"threshold":0.9,"line_hashes":["126980913389781568650565274096206509546","272948625584002644252716705179502435300","178229141924156877746354100154441290085","186957615594593707971942897823424631858","173190833708888938956195109439044877286","107742192961067113202805250900855787464","283423863612658206043589790059674826567","238596320009192129581373813885568987513","62877286397181019600820839972550416126","9266025573419674438047626607324497734","152074869465638407964799106994644344753","242709852737564520487518084623572497265","298328621212626921612813649169001496681","276153273076927988135258867148383222759","88304830294368766352102174148867519398","131278952138033891068001262139340546240","313799507409278680239193812369632544743","152373538914170795544378273595217578689","288500068114742325358310799470561146251","59597499851313988366705036847372217634","170506957821752069591149587964883482190","256720785475727267234215411958914940556","240426609587334151481596972152802799827","100220284270468745700309745306028723711","177818961685773322134984995660215254749","307985334983276630306034725645276377218","272732832448048205227684254461113356650","115458543550935866148405274062480279977","108512623488851134310830672468820119244","199392319685845153711417843909281292572","156603935628081533336313244932227772894","77940724289127757098285964552050252809","37191859476767270373201040062372319930","101316638773034599653245488303485831645","189927721673923483309344704350515831270","195009693520827453164063854078789185902","333542727436808206713053022103425894002","150314579057795315129895119968296744939","60364491780342853333869941490648366935","327750558268701119705639894120349679324"]},"deprecated":false,"source":"https://github.com/10gen-archive/mongo-c-driver-legacy/commit/1a1f5e26a4309480d88598913f9eebf9e9cba8ca","target":{"file":"src/mongo.c"},"signature_version":"v1","signature_type":"Line","id":"CVE-2020-12135-bf22f83f"},{"digest":{"threshold":0.9,"line_hashes":["190091122791294015573834513543761919646","2163604712339583726468420872631478176","25964213503642484168558040291748303495","60563742927596724969238248506127966894","277831385819130471063346667084182643361"]},"deprecated":false,"source":"https://github.com/10gen-archive/mongo-c-driver-legacy/commit/1a1f5e26a4309480d88598913f9eebf9e9cba8ca","target":{"file":"src/env.h"},"signature_version":"v1","signature_type":"Line","id":"CVE-2020-12135-c42c01a4"},{"digest":{"length":2162,"function_hash":"310707415071033948550661224255270692834"},"deprecated":false,"source":"https://github.com/10gen-archive/mongo-c-driver-legacy/commit/1a1f5e26a4309480d88598913f9eebf9e9cba8ca","target":{"function":"bson_append_bcon_with_state","file":"src/bcon.c"},"signature_version":"v1","signature_type":"Function","id":"CVE-2020-12135-f9f5fd39"},{"digest":{"length":488,"function_hash":"136135431874179824316803860543176360959"},"deprecated":false,"source":"https://github.com/10gen-archive/mongo-c-driver-legacy/commit/1a1f5e26a4309480d88598913f9eebf9e9cba8ca","target":{"function":"bson_append_code_w_scope_n","file":"src/bson.c"},"signature_version":"v1","signature_type":"Function","id":"CVE-2020-12135-fcc925a9"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}