mongodb.libmongocrypt is vulnerable to Double Free
18
Low Risk
A double-free vulnerability exists in mongodb.libmongocrypt where several parsing functions incorrectly perform cleanup when processing malformed input. Because callers are expected to invoke the corresponding cleanup routine regardless of whether parsing succeeds or fails, a parse error can result in the same memory being freed twice. An attacker able to supply crafted input to an affected parsing function may trigger a denial of service through an application crash. Users should upgrade to a fixed version.
You are affected if you are using a version that falls within the vulnerable range.
mongodb.libmongocrypt is vulnerable to Double Free in versions 1.8.0 - 1.13.0.
Upgrade the mongodb.libmongocrypt library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant