{"id":"CVE-2024-5629","details":"An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application memory.","aliases":["GHSA-m87m-mmvp-v9qm"],"modified":"2026-03-14T12:40:28.158480Z","published":"2024-06-05T15:15:12.737Z","related":["ALSA-2025:8419","CGA-2g2m-35r5-g383"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00032.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00007.html"},{"type":"FIX","url":"https://jira.mongodb.org/browse/PYTHON-4305"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mongodb/mongo-python-driver","events":[{"introduced":"0"},{"fixed":"8da192f9ca2d4f6464897b22b3029c227043f0cb"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"4.6.3"}]}}],"versions":["0.10","0.10.1","0.10.2","0.10.3","0.11","0.11.1","0.11.2","0.11.3","0.12","0.13","0.14","0.14.1","0.14.2","0.15","0.15.1","0.15.2","0.16","0.4pre","0.5.1pre","0.5.2pre","0.5.3pre","0.5pre","0.6","0.7","0.7.1","0.7.2","0.8","0.8.1","0.9","0.9.1","0.9.2","0.9.3","0.9.4","0.9.5","1.0","1.1","1.1.1","1.1.2","1.10","1.10.1","1.11","1.2","1.2.1","1.3","1.4","1.5","1.5.1","1.6","1.7","1.8","1.8.1","1.9","2.0","2.0.1","2.1","2.1.1","2.2","2.2.1","2.2rc1","2.3","2.3rc1","2.4","2.4.1","2.4.2","2.5","2.5.1","2.6","2.7","2.7rc0","2.7rc1","3.0","3.0.1","3.0.2","3.0.3","3.0b0","3.0b1","3.0rc0","3.0rc1","3.1","3.1.1","3.10.0","3.10.1","3.11.0","3.11.0b0","3.11.0b1","3.11.0rc0","3.11.1","3.1rc0","3.2","3.2.1","3.2.2","3.2rc0","3.3.0","3.4.0","3.4rc0","3.5.0","3.5.1","3.6.0","3.6.1","3.6rc0","3.7.0","3.7.0b0","3.9.0","3.9.0b0","3.9.0b1","4.0","4.1.0","4.1.1","4.2.0","4.2.0b0","4.3.0","4.3.1","4.3.2","4.3.3","4.4.0","4.4.0b0","4.5.0","4.6.0","4.6.1","4.6.2"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"10.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-5629.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"}]}